Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1560053
MD5: a946e9443c4fbb7cbfbca8667c099696
SHA1: 85a6507e2ff6ed26724ca6dce2842b33dd97ef8e
SHA256: e85069cf3df6f629435808fa11dc054609e3de054c12314a4bb87a8ea3e853ad
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6276 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A946E9443C4FBB7CBFBCA8667C099696)
    • taskkill.exe (PID: 6640 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1816 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1208 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6312 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5728 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6292 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6972 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4540 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3192 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f1fe9-29b5-44a7-92d0-ccc1cf2e6846} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2b926f310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7624 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3424 -parentBuildID 20230927232528 -prefsHandle 3656 -prefMapHandle 3416 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1945997-5213-478c-a830-2cea8a37ed43} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2cb764f10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7240 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526b2fdc-0c3a-45ce-a3ce-77acb2c614cf} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2d1852510 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
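The process tree above is the whole technique. file.exe force-kills five browsers with taskkill /F /IM ... /T, then starts Firefox in --kiosk mode on a youtube.com account URL that carries the Google password-challenge URL (accounts.google.com/v3/signin/challenge/pwd) as a parameter, leaving the user with a full-screen sign-in page and no window controls. The second top-level firefox.exe (PID 6972, flag --attempting-deelevation) is Firefox relaunching itself without an elevated token, which is why it has no parent link back to file.exe and which suggests the sample was running elevated. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it runs a detection for this chain over constructed process-creation events (Sysmon event 1 / 4688 style) copied from the tree. The taskkill.exe path, the parent PIDs the tree does not show (1234, 4321, 4000), the three benign rows, the Microsoft login hosts and the extra path words in LOGIN_PATH_RE are assumptions; accounts.google.com, the five browser names and the PIDs of the chain come from the report.

```python
"""Added example: detect the browser-kill-then-kiosk-sign-in chain from the
process tree over process-creation events."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Browser image names the sample force-kills in the report.
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
# accounts.google.com and /signin come from the report's kiosk URL; the Microsoft
# hosts and the other path words are assumptions added for illustration.
LOGIN_HOST_RE = re.compile(
    r"(^|\.)(accounts\.google\.com|login\.microsoftonline\.com|login\.live\.com)$", re.I)
LOGIN_PATH_RE = re.compile(r"/(signin|login|challenge/pwd)(/|$)", re.I)
URL_START_RE = re.compile(r"https?://", re.I)


def tokens(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def embedded_urls(arg):
    """Every URL that starts somewhere inside arg, outermost first, so a sign-in
    URL smuggled into a redirect parameter is examined on its own."""
    return [arg[m.start():] for m in URL_START_RE.finditer(arg)]


def is_login_url(url):
    """True when the host or the path looks like a credential prompt."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    return bool(LOGIN_HOST_RE.search(host)) or bool(LOGIN_PATH_RE.search(parsed.path))


def taskkill_target(toks):
    """Image name of a force kill (taskkill /F /IM <image>), else None."""
    low = [t.lower() for t in toks]
    if "/f" not in low or "/im" not in low:
        return None
    i = low.index("/im")
    return low[i + 1] if i + 1 < len(low) else None


def analyse(events):
    """Correlate by parent PID. A parent that force-kills browsers and then
    starts a browser in --kiosk mode on a sign-in URL is the full chain (high).
    A kiosk sign-in launch without such a parent is still reported (medium);
    that is what catches the de-elevated relaunch whose parent link is lost."""
    kills = defaultdict(set)  # ppid -> browsers it force-killed
    kiosks = []               # (ppid, pid, sign-in url) in event order
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        toks = tokens(ev["cmdline"])
        low = [t.lower() for t in toks]
        if image == "taskkill.exe":
            target = taskkill_target(toks)
            if target in BROWSERS:
                kills[ev["ppid"]].add(target)
        elif image in BROWSERS and "--kiosk" in low:
            url = next((t for t in toks
                        if any(is_login_url(u) for u in embedded_urls(t))), None)
            if url:
                kiosks.append((ev["ppid"], ev["pid"], url))
    findings = []
    for ppid, pid, url in kiosks:
        killed = sorted(kills.get(ppid, ()))
        findings.append({"parent_pid": ppid, "browser_pid": pid, "url": url,
                         "killed_browsers": killed,
                         "severity": "high" if len(killed) >= 2 else "medium"})
    return findings


FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
TK = r"C:\Windows\System32\taskkill.exe"  # path assumed; the tree shows only the name
KIOSK_URL = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"

# Constructed events modelled on the report's process tree. PIDs and command lines
# of the sample's chain are copied from it; parent PIDs the tree does not show
# (1234, 4321, 4000) and the three benign rows at the end are assumptions.
EVENTS = [
    {"pid": 6276, "ppid": 1234, "image": r"C:\Users\user\Desktop\file.exe",
     "cmdline": r'"C:\Users\user\Desktop\file.exe"'},
    {"pid": 6640, "ppid": 6276, "image": TK, "cmdline": "taskkill /F /IM firefox.exe /T"},
    {"pid": 1816, "ppid": 6276, "image": TK, "cmdline": "taskkill /F /IM chrome.exe /T"},
    {"pid": 1208, "ppid": 6276, "image": TK, "cmdline": "taskkill /F /IM msedge.exe /T"},
    {"pid": 6312, "ppid": 6276, "image": TK, "cmdline": "taskkill /F /IM opera.exe /T"},
    {"pid": 5728, "ppid": 6276, "image": TK, "cmdline": "taskkill /F /IM brave.exe /T"},
    {"pid": 6292, "ppid": 6276, "image": FF,
     "cmdline": f'"{FF}" --kiosk "{KIOSK_URL}" --no-default-browser-check --disable-popup-blocking'},
    # Firefox relaunching itself de-elevated: the parent link to file.exe is gone.
    {"pid": 6972, "ppid": 4321, "image": FF,
     "cmdline": f'"{FF}" --kiosk {KIOSK_URL} --no-default-browser-check '
                '--disable-popup-blocking --attempting-deelevation'},
    # Benign noise: an admin killing notepad, a normal browser start, a real kiosk.
    {"pid": 5001, "ppid": 4000, "image": TK, "cmdline": "taskkill /F /IM notepad.exe"},
    {"pid": 5002, "ppid": 4000, "image": FF, "cmdline": f'"{FF}" https://www.mozilla.org/'},
    {"pid": 5003, "ppid": 4000, "image": FF, "cmdline": f'"{FF}" --kiosk https://dashboard.example/'},
]

if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding)
```

Run against the constructed events this reports PID 6292 as high (parent 6276 killed all five browsers first) and PID 6972 as medium (kiosk sign-in launch, no parent context), and stays quiet on the benign rows; a real kiosk deployment that opens an SSO page would also land at medium, which is why the severity split exists. One more caveat for anyone pivoting on the network section of this report: the TLS sessions, the JA3 hash and the repeated detectportal.firefox.com requests carry the Firefox/118.0 user agent and follow DNS queries for youtube.com and detectportal.firefox.com, so they are almost certainly produced by the Firefox instance the sample launched, not by file.exe talking to attacker infrastructure.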
No configs have been found
Source: Process Memory Space: file.exe PID: 6276
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: file.exe ReversingLabs: Detection: 28%
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.9% probability
    Source: file.exe Joe Sandbox ML: detected
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49740 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49742 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49755 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49784 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49785 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49797 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49796 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49826 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49828 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.6:49829 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49835 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49833 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49834 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49837 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49909 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49906 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49908 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49910 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49907 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49905 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49915 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49916 version: TLS 1.2
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2320841479.000001F2D5E04000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2364949449.000001F2D5E71000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2362930479.000001F2D5E8D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2364949449.000001F2D5E71000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2364064491.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2362930479.000001F2D5E8D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2360984358.000001F2C6C98000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2320841479.000001F2D5E04000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2364064491.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2360984358.000001F2C6C98000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_006EDBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006BC2A2 FindFirstFileExW,0_2_006BC2A2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F68EE FindFirstFileW,FindClose,0_2_006F68EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006F698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006ED076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006ED3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006F9642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006F979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006F9B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006F5C97
    Source: firefox.exe Memory has grown: Private usage: 1MB later: 225MB
    Source: unknown Network traffic detected: DNS query count 31
    Source: Joe Sandbox View IP Address: 34.149.100.209
    Source: Joe Sandbox View IP Address: 151.101.65.91
    Source: Joe Sandbox View IP Address: 34.117.188.166
    Source: Joe Sandbox View IP Address: 34.160.144.191
    Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (this entry is repeated 50 times in the report)
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_006FCE44
    Source: global traffic HTTP traffic detected (the following pair of requests is repeated 14 times in the report):
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2449404666.000001F2D4F2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2403250942.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427945808.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2439441233.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429375358.000001F2D202B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2429375358.000001F2D2045000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351585678.000001F2D2045000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2405176333.000001F2D2045000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429375358.000001F2D202B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449404666.000001F2D4F2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2403250942.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427945808.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2439441233.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2440635008.000001F2D1F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2440635008.000001F2D1F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2429375358.000001F2D2045000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429375358.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2411615119.000001F2CBE1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A2860C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2411615119.000001F2CBE1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A2860C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2411615119.000001F2CBE1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A2860C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429375358.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2403250942.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427945808.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2439441233.000001F2D54CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2445681709.000001F2C9C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446397694.000001F2C9B8D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1B85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.2355431168.000001F2D5E7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360414401.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361827215.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357035562.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356211334.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362930479.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361355285.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357949292.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364064491.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E7B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5EA2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E7B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5EA2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.2355431168.000001F2D5E7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360414401.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361827215.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357035562.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356211334.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362930479.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361355285.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357949292.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364064491.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.2355431168.000001F2D5E7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360414401.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361827215.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357035562.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356211334.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362930479.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361355285.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357949292.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364064491.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB144000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB144000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2449868417.000001F2D1FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2405176333.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431680653.000001F2D1970000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.2378337995.000001F2CA7F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2290166860.000001F2CAD8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409122444.000001F2CC948000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357426220.000001F2CACC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2393621938.000001F2CA6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433745313.000001F2CB8C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354928005.000001F2C6AD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307150432.000001F2C99E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368607098.000001F2CD495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2383663554.000001F2CA6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353222761.000001F2D1A20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407717755.000001F2CC97B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2382648876.000001F2C99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286804810.000001F2CAA13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306562525.000001F2CA6FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2383955159.000001F2C99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364996543.000001F2CD47F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406315575.000001F2D18CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430734317.000001F2CAC4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417986208.000001F2CA6F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296683393.000001F2CAD84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294007713.000001F2CAD84000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5EA2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.2355431168.000001F2D5E7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360414401.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361827215.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357035562.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356211334.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362930479.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361355285.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357949292.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364064491.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E7B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330202970.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2352702138.000001F2D1A71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.2352702138.000001F2D1A71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404163958.000001F2D4F5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.2355431168.000001F2D5E7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360414401.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361827215.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357035562.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2356211334.000001F2D5E9D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362930479.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361355285.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357949292.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2364064491.000001F2D5EA0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2442450517.000001F2CB030000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.2449112046.000001F2C904F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2448621394.000001F2C984A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2448755305.000001F2C9828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433484023.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413811511.000001F2CB830000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000E.00000003.2434493249.000001F2CB830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413811511.000001F2CB830000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul5
    Source: firefox.exe, 0000000E.00000003.2448755305.000001F2C9828000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: firefox.exe, 0000000E.00000003.2434493249.000001F2CB830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413811511.000001F2CB830000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulnZ
    Source: mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.2352702138.000001F2D1A71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404163958.000001F2D4F5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2352702138.000001F2D1A71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404163958.000001F2D4F5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2353363683.000001F2D19D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://youtube.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2254957592.000001F2C9100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255278291.000001F2C9332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255463770.000001F2C9353000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2431509597.000001F2D1AED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429767936.000001F2D1ADC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352255121.000001F2D1ADC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.2440635008.000001F2D1F50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2352702138.000001F2D1A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398752178.000001F2D342D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311249403.000001F2D3460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2400264358.000001F2D3427000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399985452.000001F2D3462000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: file.exe, 00000000.00000002.2281006363.0000000001180000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdsoft.wi
    Source: firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2447646784.000001F2C9A48000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.2445681709.000001F2C9C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2442897625.000001F2CAB67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446397694.000001F2C9B8D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.2440635008.000001F2D1F29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1970000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2447272514.000001F2CCC84000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1992000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3467543073.00000250B88C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3470955592.0000017A28903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000010.00000002.3467543073.00000250B88C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3470955592.0000017A28903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 0000000E.00000003.2449404666.000001F2D4F36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449404666.000001F2D4F2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2380701489.000001F2CAC9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362244862.000001F2CAC9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2254957592.000001F2C9100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255278291.000001F2C9332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255463770.000001F2C9353000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3467543073.00000250B88C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3470955592.0000017A28903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000010.00000002.3467543073.00000250B88C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3470955592.0000017A28903000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1BB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428677289.000001F2D3AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449774206.000001F2D3AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2448621394.000001F2C984A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281839242.000001F2D1B65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281839242.000001F2D1B8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277697184.000001F2D1C25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433484023.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2286804810.000001F2CAA18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277697184.000001F2D1C25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2428781323.000001F2D205F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2447521825.000001F2C9B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2387774582.000001F2C956A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288881621.000001F2CAC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2420702530.000001F2C9570000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2353363683.000001F2D19EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A28613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2284406258.000001F2CA83B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2414193751.000001F2CB0E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2447646784.000001F2C9AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A28613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A286C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A286C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2441911778.000001F2CC95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E02F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A28630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A286C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2353363683.000001F2D19A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A286C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.2405176333.000001F2D2026000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2277697184.000001F2D1C25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000E.00000003.2364996543.000001F2CD490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.2364996543.000001F2CD490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000E.00000003.2254957592.000001F2C9100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255278291.000001F2C9332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2309046369.000001F2D342D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2443869406.000001F2CAB50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2429718152.000001F2D1BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281644649.000001F2D1BDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2351083466.000001F2D59D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449404666.000001F2D4F36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A286F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/9afa9d72-84dc-48a6-8fe0-b2cac
    Source: firefox.exe, 0000000E.00000003.2433140163.000001F2CBDCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404512762.000001F2D4CF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449539004.000001F2D4CF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/76012041-d9cd-45d6-ae06-347b
    Source: firefox.exe, 0000000E.00000003.2403921786.000001F2D5478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/07579906-a6ae-4f7e
    Source: firefox.exe, 0000000E.00000003.2403921786.000001F2D5478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/425f308e-09dd-43e9
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2440580865.000001F2D1FEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A2868F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2294007713.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000E.00000003.2330373219.000001F2D5E78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000E.00000003.2289916798.000001F2CAD90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293319477.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292974851.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290980491.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294007713.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
    Source: firefox.exe, 0000000E.00000003.2289916798.000001F2CAD90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293319477.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292974851.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290980491.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294007713.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
    Source: firefox.exe, 0000000E.00000003.2448801079.000001F2C9040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449112046.000001F2C9040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.2449404666.000001F2D4F36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2286804810.000001F2CAA18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000E.00000003.2404512762.000001F2D4CB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428366542.000001F2D4CB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2439705210.000001F2D4CB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449539004.000001F2D4CC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.2447646784.000001F2C9AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2447646784.000001F2C9A3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9B8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9B8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 00000013.00000002.3467541570.0000017A28613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2281839242.000001F2D1B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2431680653.000001F2D1933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428677289.000001F2D3AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449774206.000001F2D3AB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E0BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A286F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000E.00000003.2442897625.000001F2CABCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2445681709.000001F2C9C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446397694.000001F2C9B8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2282146908.000001F2CBAED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413215288.000001F2CBAEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433484023.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433639471.000001F2CBAEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2435884337.000001F2CB0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414025788.000001F2CB0FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2351585678.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431151018.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429375358.000001F2D202B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2405176333.000001F2D2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2352481784.000001F2CB9C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2428781323.000001F2D208D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
    Source: firefox.exe, 0000000E.00000003.2385505973.000001F2D1C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2445681709.000001F2C9C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2445681709.000001F2C9C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_006FEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_006FED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_006FEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_006EAA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00719576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00719576

    System Summary

    Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_e35496c5-1
    Source: file.exe, 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_43972e02-d
    Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_819a9030-5
    Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_4e545efa-e
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E1621F2 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E1726F7 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006ED5EB CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068BF40
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00688060
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F2046
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E8298
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006BE4FF
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006B676B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00714873
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068CAF0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006ACAA0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069CC39
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006B6DD9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069D07D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069B119
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006891C0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A1394
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A781B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069997D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00687920
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A7A4A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A7CA7
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070BE44
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006B9EEE
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E1621F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E162232
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E16291C
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001F20E1726F7
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 00689CB3 appears 31 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 0069F9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 006A0A30 appears 46 times
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal72.troj.evad.winEXE@34/34@66/12
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F37B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E10BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006ED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2144:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3300:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6220:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1016:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4256:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process (the same query is issued by each of the five taskkill.exe instances; the report lists it once per instance)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2350948149.000001F2D5AE8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
    Source: file.exe ReversingLabs: Detection: 28%
    Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f1fe9-29b5-44a7-92d0-ccc1cf2e6846} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2b926f310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3424 -parentBuildID 20230927232528 -prefsHandle 3656 -prefMapHandle 3416 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1945997-5213-478c-a830-2cea8a37ed43} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2cb764f10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526b2fdc-0c3a-45ce-a3ce-77acb2c614cf} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2d1852510 utility
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f1fe9-29b5-44a7-92d0-ccc1cf2e6846} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2b926f310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3424 -parentBuildID 20230927232528 -prefsHandle 3656 -prefMapHandle 3416 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1945997-5213-478c-a830-2cea8a37ed43} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2cb764f10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526b2fdc-0c3a-45ce-a3ce-77acb2c614cf} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2d1852510 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
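    The process tree above is the whole "Credential Flusher" chain: file.exe force-kills every installed browser with taskkill /F /IM ... /T, then relaunches Firefox in --kiosk mode (no address bar, no window chrome) on a URL whose query string carries a Google sign-in page, so the user is pushed to type their password again. The script below is an added detection example, not part of the Joe Sandbox report or of the sample; it runs the pattern over process-creation telemetry. The input format (timestamp|pid|ppid|image|commandline) is an assumed stand-in for Sysmon Event ID 1 or EDR data; the command lines in the embedded sample are the ones listed above, the PIDs and timestamps are invented, and the last two events are a constructed benign kiosk launch. It generalizes a little beyond the report: any of the five killed browsers may be the kiosk launcher, and the sign-in check runs over the whole URL so a login URL hidden in the query of a benign-looking host (youtube.com here) is still caught.

```python
"""Flag the credential-flusher chain: one parent force-kills browsers via
taskkill, then launches a browser in kiosk mode on a sign-in URL.
Input (assumed format): one event per line, timestamp|pid|ppid|image|commandline."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Browser image names are the ones targeted by the taskkill lines in the report.
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
KIOSK_FLAGS = {"--kiosk", "-kiosk"}
# Matched against the whole URL, so a sign-in URL inside the query string hits too.
LOGIN_RE = re.compile(r"signin|sign-in|login|accounts\.|challenge/pwd", re.I)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # keeps quoted arguments whole


@dataclass
class ProcEvent:
    ts: datetime
    pid: int
    ppid: int
    image: str
    cmdline: str


def tokenize(cmdline):
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def load_events(text):
    events = []
    for line in text.splitlines():
        ts, pid, ppid, image, cmdline = line.split("|", 4)
        events.append(ProcEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                int(pid), int(ppid), image, cmdline))
    return events


def killed_browser(ev):
    """Browser image name if ev is `taskkill /F /IM <browser>`, else None."""
    if not ev.image.lower().endswith("\\taskkill.exe"):
        return None
    toks = [t.lower() for t in tokenize(ev.cmdline)]
    if "/f" not in toks:
        return None
    for i, tok in enumerate(toks[:-1]):
        if tok == "/im" and toks[i + 1] in BROWSERS:
            return toks[i + 1]
    return None


def kiosk_login_url(ev):
    """URL if ev starts a browser in kiosk mode on a sign-in page, else None."""
    if ev.image.rsplit("\\", 1)[-1].lower() not in BROWSERS:
        return None
    toks = tokenize(ev.cmdline)
    if not any(t.lower() in KIOSK_FLAGS for t in toks):
        return None
    for tok in toks:
        if tok.lower().startswith(("http://", "https://")) and LOGIN_RE.search(tok):
            return tok
    return None


def detect(events, window=timedelta(seconds=60), min_kills=2):
    """Alert when one parent kills >= min_kills distinct browsers and, within
    `window`, launches a kiosk browser on a sign-in URL."""
    kills, alerts = {}, []  # kills: parent pid -> [(ts, browser), ...]
    for ev in sorted(events, key=lambda e: e.ts):
        browser = killed_browser(ev)
        if browser:
            kills.setdefault(ev.ppid, []).append((ev.ts, browser))
            continue
        url = kiosk_login_url(ev)
        if not url:
            continue
        recent = {b for t, b in kills.get(ev.ppid, []) if ev.ts - t <= window}
        if len(recent) >= min_kills:
            alerts.append({"parent_pid": ev.ppid, "launcher_pid": ev.pid,
                           "killed": sorted(recent), "url": url})
    return alerts


# Constructed telemetry: command lines from the report, PIDs and timestamps
# invented; the final two events are a benign kiosk launch that must not alert.
SAMPLE_LOG = r"""
2024-11-19T10:00:00Z|4412|3100|C:\Users\user\Desktop\file.exe|"C:\Users\user\Desktop\file.exe"
2024-11-19T10:00:01Z|5120|4412|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM firefox.exe /T
2024-11-19T10:00:01Z|5130|5120|C:\Windows\System32\conhost.exe|C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
2024-11-19T10:00:02Z|5140|4412|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM chrome.exe /T
2024-11-19T10:00:02Z|5150|4412|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM msedge.exe /T
2024-11-19T10:00:03Z|5160|4412|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM opera.exe /T
2024-11-19T10:00:03Z|5170|4412|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM brave.exe /T
2024-11-19T10:00:05Z|4540|4412|C:\Program Files\Mozilla Firefox\firefox.exe|"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
2024-11-19T10:00:06Z|4600|4540|C:\Program Files\Mozilla Firefox\firefox.exe|"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f1fe9-29b5-44a7-92d0-ccc1cf2e6846} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2b926f310 socket
2024-11-19T10:05:00Z|7000|6000|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM firefox.exe /T
2024-11-19T10:05:01Z|7010|6000|C:\Program Files\Mozilla Firefox\firefox.exe|"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://intranet.example/dashboard"
""".strip()

if __name__ == "__main__":
    for a in detect(load_events(SAMPLE_LOG)):
        print(f"pid {a['parent_pid']} killed {', '.join(a['killed'])} "
              f"then opened a kiosk window on {a['url']}")
```

To run this on real Sysmon data, map UtcTime, ProcessId, ParentProcessId, Image and CommandLine onto ProcEvent. The min_kills threshold is what keeps a lone `taskkill /F /IM firefox.exe` from an admin script quiet; the signal is several browser kills followed within seconds by a kiosk launch from the same parent, which is exactly the ordering the process tree above shows.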
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll (the following set of DLLs is loaded by each of the five taskkill.exe instances; the report lists it once per instance)
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2320841479.000001F2D5E04000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2364949449.000001F2D5E71000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2362930479.000001F2D5E8D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2364949449.000001F2D5E71000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365101077.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2364064491.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2362930479.000001F2D5E8D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2360984358.000001F2C6C98000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2320841479.000001F2D5E04000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2364064491.000001F2D5E87000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2360984358.000001F2C6C98000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A22C3 push 00000000h; iretd 0_2_006A22FC
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A0A76 push ecx; ret 0_2_006A0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00711C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-95171)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001F20E1621F2 rdtsc 18_2_000001F20E1621F2
    Source: C:\Users\user\Desktop\file.exe | API coverage: 3.7 %
    Source: C:\Users\user\Desktop\file.exe TID: 6776 | Thread sleep count: 102 > 30
    Source: C:\Users\user\Desktop\file.exe TID: 6776 | Thread sleep count: 150 > 30
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_006EDBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006BC2A2 FindFirstFileExW,0_2_006BC2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F68EE FindFirstFileW,FindClose,0_2_006F68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006F698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006ED076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006ED3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006F9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006F979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006F9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006F5C97
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006842DE
    Source: firefox.exe, 00000010.00000002.3465690543.00000250B84EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWP?
    Source: firefox.exe, 00000012.00000002.3470985493.000001F20E720000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3465958327.0000017A2835A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000012.00000002.3470985493.000001F20E720000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
    Source: firefox.exe, 00000010.00000002.3470880057.00000250B8A15000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000013.00000002.3470741616.0000017A28790000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW(
    Source: firefox.exe, 00000010.00000002.3471819332.00000250B8B04000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3470985493.000001F20E720000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000010.00000002.3471819332.00000250B8B04000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD
    Source: firefox.exe, 00000012.00000002.3465693608.000001F20DE9A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`Jr
    Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001F20E1621F2 rdtsc 18_2_000001F20E1621F2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006FEAA2 BlockInput,0_2_006FEAA2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006B2622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006842DE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A4CE8 mov eax, dword ptr fs:[00000030h] 0_2_006A4CE8
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_006E0B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006B2622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006A083F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A09D5 SetUnhandledExceptionFilter,0_2_006A09D5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006A0C21
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_006E1201
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006C2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_006C2BA5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006EB226 SendInput,keybd_event,0_2_006EB226
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_007022DA
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_006E0B62
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_006E1663
    Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2332284996.000001F2D5EA3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A0698 cpuid 0_2_006A0698
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006F8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_006F8195
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006DD27A GetUserNameW,0_2_006DD27A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006BB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_006BB952
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006842DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6276, type: MEMORYSTR
    Source: file.exe | Binary or memory string: WIN_81
    Source: file.exe | Binary or memory string: WIN_XP
    Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe | Binary or memory string: WIN_XPe
    Source: file.exe | Binary or memory string: WIN_VISTA
    Source: file.exe | Binary or memory string: WIN_7
    Source: file.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6276, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00701204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00701204
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00701806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00701806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    Behavior Graph ID: 1560053 | Sample: file.exe | Startdate: 21/11/2024 | Architecture: WINDOWS | Score: 72 (graph rendering omitted)

    Source | Detection | Scanner | Label | Link
    file.exe | 29% | ReversingLabs | Win32.Trojan.AutoitInject |
    file.exe | 100% | Joe Sandbox ML | |
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                    high
                                                                                                    https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000E.00000003.2446397694.000001F2C9BD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.2254957592.000001F2C9100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255278291.000001F2C9332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255463770.000001F2C9353000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381465717.000001F2CAC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361382643.000001F2CAC31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2445321237.000001F2CA9E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288881621.000001F2CAC31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.msn.comfirefox.exe, 0000000E.00000003.2431680653.000001F2D1992000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.2254957592.000001F2C9100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255278291.000001F2C9332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255120682.000001F2C9310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://youtube.com/firefox.exe, 0000000E.00000003.2411615119.000001F2CBE9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353363683.000001F2D19D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://youtube.com/account?=https://acfirefox.exe, 00000013.00000002.3470416640.0000017A28780000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.instagram.com/firefox.exe, 0000000E.00000003.2289916798.000001F2CAD90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293319477.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292974851.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290980491.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2294007713.000001F2CAD8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                high
                                                                                                                                https://www.amazon.com/firefox.exe, 0000000E.00000003.2403250942.000001F2D54B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.youtube.com/firefox.exe, 0000000E.00000003.2403250942.000001F2D54B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3466689344.000001F20E003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3467541570.0000017A2860C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2312474286.000001F2C992B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2440635008.000001F2D1F29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2404163958.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428175167.000001F2D4F89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000013.00000002.3467541570.0000017A286C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://127.0.0.1:firefox.exe, 0000000E.00000003.2281839242.000001F2D1B85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2286804810.000001F2CAA18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bugzilla.mofirefox.exe, 0000000E.00000003.2449404666.000001F2D4F36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2449404666.000001F2D4F2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.2442897625.000001F2CABCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2447646784.000001F2C9A3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.2435409676.000001F2CB147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://spocs.getpocket.com/firefox.exe, 00000013.00000002.3467541570.0000017A28613000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2440635008.000001F2D1F29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://addons.mozilla.org/firefox.exe, 0000000E.00000003.2413039424.000001F2CBD96000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3470326343.00000250B8900000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3469807867.000001F20E100000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3470272987.0000017A28700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP               Domain                                            Country        ASN     ASN Name                                 Malicious
34.149.100.209   prod.remote-settings.prod.webservices.mozgcp.net  United States  2686    ATGS-MMD-ASUS                            false
34.107.243.93    push.services.mozilla.com                         United States  15169   GOOGLEUS                                 false
151.101.65.91    services.addons.mozilla.org                       United States  54113   FASTLYUS                                 false
34.107.221.82    prod.detectportal.prod.cloudops.mozgcp.net        United States  15169   GOOGLEUS                                 false
35.244.181.201   prod.balrog.prod.cloudops.mozgcp.net              United States  15169   GOOGLEUS                                 false
34.117.188.166   contile.services.mozilla.com                      United States  139070  GOOGLE-AS-APGoogleAsiaPacificPteLtdSG    false
35.201.103.21    normandy-cdn.services.mozilla.com                 United States  15169   GOOGLEUS                                 false
142.250.184.238  youtube.com                                       United States  15169   GOOGLEUS                                 false
                                                                                                                                                                                                                                                                          35.190.72.216
                                                                                                                                                                                                                                                                          prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          34.160.144.191
                                                                                                                                                                                                                                                                          prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                          34.120.208.123
                                                                                                                                                                                                                                                                          telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560053
Start date and time: 2024-11-21 11:02:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/34@66/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 42
• Number of non-executed functions: 311
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.12.64.98, 35.164.125.63, 35.80.238.59, 2.22.61.56, 2.22.61.59, 172.217.23.110, 142.250.185.138, 142.250.185.234, 142.250.185.110
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
05:03:18 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.65.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
star-mini.c10r.facebook.com | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.252.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.251.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.253.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.0.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.251.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.253.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.0.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.253.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.251.35
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 157.240.251.35
twitter.com | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.129
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.1
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.129
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.129
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.129
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse | 34.116.198.130
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 34.116.198.130
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.117.188.166
 | file.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse | 34.116.198.130
 | https://fxwf9-53194.portmap.io:53194/?x=sb232111 | Get hash | malicious | Unknown | Browse | 34.117.59.81
ATGS-MMD-ASUS | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.160.144.191
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.160.144.191
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          https://ollama.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.36.133.15
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          FASTLYUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                          https://cabinetstogollc-my.sharepoint.com/:b:/g/personal/store802_cabinetstogo_com/EYepBlB4QExJsG0U-4jKG4ABoZxLg7rdp0_zjjwabbUc1g?e=q4iRIE&com.microsoft.intune.mam.appmdmmgtstate=2&com.microsoft.intune.mam.policysource=2&com.microsoft.intune.mam.identity=mcle%40novozymes.com&com.microsoft.intune.mam.policy=1&com.microGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          +11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msgGet hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          Secured Audlo_secpod.com_1524702658.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          https://ollama.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.36.133.15
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                          fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                          • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
file.exe | malicious | Credential Flusher
  • 35.244.181.201
  • 34.149.100.209
  • 34.160.144.191
  • 151.101.65.91
  • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7946
Entropy (8bit): 5.180306078831364
Encrypted: false
SSDEEP: 192:U/BMXZVOcbhbVbTbfbRbObtbyEl7nUrWJA6unSrDtTkdxSofTL:2imcNhnzFSJ0rV1nSrDhkdxT
MD5: B5D131BCD385C2471D9F4598263C99AF
SHA1: F78B2145D93741D56F6A6356E45ACFEEC4BDA8A4
SHA-256: 1D34B7E00C0AD1A1967FB784E4825609C1072920CBA2F0E5B5FBBB8593E8E4CE
SHA-512: 439866C5B68EF82597BBC66A630B2D2B60F6732338D6308379B8D1378673F32EC8211754E94536C0D8F1EC14194BED43488946C3258B65B20D50342B14D2BE50
Malicious: false
Preview: {"type":"uninstall","id":"0cc711e2-b902-445a-b40a-cdeae78a6349","creationDate":"2024-11-21T11:59:38.715Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7946
Entropy (8bit): 5.180306078831364
Encrypted: false
SSDEEP: 192:U/BMXZVOcbhbVbTbfbRbObtbyEl7nUrWJA6unSrDtTkdxSofTL:2imcNhnzFSJ0rV1nSrDhkdxT
MD5: B5D131BCD385C2471D9F4598263C99AF
SHA1: F78B2145D93741D56F6A6356E45ACFEEC4BDA8A4
SHA-256: 1D34B7E00C0AD1A1967FB784E4825609C1072920CBA2F0E5B5FBBB8593E8E4CE
SHA-512: 439866C5B68EF82597BBC66A630B2D2B60F6732338D6308379B8D1378673F32EC8211754E94536C0D8F1EC14194BED43488946C3258B65B20D50342B14D2BE50
Malicious: false
Preview: {"type":"uninstall","id":"0cc711e2-b902-445a-b40a-cdeae78a6349","creationDate":"2024-11-21T11:59:38.715Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
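The dropped-file records above carry an "Entropy (8bit)" value and an "Encrypted" flag, which is how an analyst separates plaintext artefacts (the ~5.18 bits/byte JSON ping) or mostly-empty stubs (a 0.46 bits/byte MP4) from packed or encrypted payloads, which approach 8.0. The following is an added example, not Joe Sandbox code, that reproduces that triage on constructed inputs. The threshold at which a file is flagged as encrypted is an assumption; the report does not state the value it uses.

```python
"""Reproduce the 'Entropy (8bit)' and 'Encrypted' triage fields for dropped files.

Added example for this report, not Joe Sandbox code. Computes the Shannon
entropy of a byte sequence in bits per byte (0.0 .. 8.0) and applies a
hypothetical threshold to decide whether a file looks encrypted or packed.
"""
import math
from collections import Counter

# Assumption: files with entropy at or above this many bits per byte are
# flagged as encrypted. The report does not state the threshold it uses.
ENCRYPTED_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Return the 8-bit Shannon entropy of data in bits per byte.

    Each of the 256 possible byte values is a symbol; an empty input has no
    information content and returns 0.0.
    """
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Apply the (assumed) threshold to the entropy of data."""
    return shannon_entropy(data) >= threshold


def triage(name: str, data: bytes) -> dict:
    """Build the same kind of record the report shows for a dropped file."""
    return {
        "name": name,
        "size": len(data),
        "entropy": round(shannon_entropy(data), 6),
        "encrypted": looks_encrypted(data),
    }


# Constructed sample inputs (not the report's actual dropped files):
# 1. A mostly-zero buffer, like a 32 KiB MP4 stub whose entropy is well under 1.
MOSTLY_ZERO = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32000
# 2. Text-like JSON, comparable to the Firefox telemetry ping at ~5 bits/byte.
JSON_TEXT = b'{"type":"uninstall","version":4,"application":{"name":"Firefox"}}' * 50
# 3. Every byte value exactly once: the 8.0 bits/byte maximum that random,
#    compressed or encrypted data approaches.
ALL_BYTES = bytes(range(256))

if __name__ == "__main__":
    for name, blob in (("mostly_zero.mp4", MOSTLY_ZERO),
                       ("ping.json", JSON_TEXT),
                       ("random.bin", ALL_BYTES)):
        print(triage(name, blob))
```

Entropy alone does not prove a file is malicious; the point of the metric is to rank which dropped files deserve a closer look, since a legitimate JPEG or ZIP also sits near 8.0, while a high-entropy file dropped by the sample itself (rather than by firefox.exe, as here) would be a candidate for a packed second stage.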
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4419
Entropy (8bit):4.932579562452597
Encrypted:false
SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLSgXK8P:gXiNFS+OcUGOdwiOdwBjkYLLXK8P
MD5:1FAAD89F08F7DA07EBADE1A0C6C7378F
SHA1:D46C306D13B5B6EE9A0A6CEC1294ADB8814589F2
SHA-256:AD3B2F1A1AD9F9DC38E86C04682F9DE8765B93C8C22A5B6B2BDCC1821E95A0D2
SHA-512:2A18B9DF1900EE39700876BB169D3CFE40E86F9A9265433FCF51FB8B342BFAD47ACE6BB0FBD0F11EFF31F88D4A71D82344CF0046E37F0F319C8E64DDFDA7B8A6
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 26944 bytes
Category:dropped
Size (bytes):6071
Entropy (8bit):6.61263436125208
Encrypted:false
SSDEEP:96:72YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlSAJVrfzjZXjkTndS12opTaM:7Tx2x2t0FDJ4NF6ILDfzjtedh6TX
MD5:FD36D36BC5077FC3D16CD68CC7FFC65A
SHA1:2111D7339EA8F94FC7F4F8E2964ABDBE6198F90B
SHA-256:3A65636ABBCBF9BC2447FEA1BCE9BFC0E6DACD10D5721D21D670A537FFF0D545
SHA-512:074547A0C2D572BA22D27A4EC3A0957C27B72E732D0ED37501C30A9657CAD258584819D3A92215B52638888D9FC0682E871F454B0ECBFC75373CBAE38DA4D656
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 26944 bytes
Category:dropped
Size (bytes):6071
Entropy (8bit):6.61263436125208
Encrypted:false
SSDEEP:96:72YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlSAJVrfzjZXjkTndS12opTaM:7Tx2x2t0FDJ4NF6ILDfzjtedh6TX
MD5:FD36D36BC5077FC3D16CD68CC7FFC65A
SHA1:2111D7339EA8F94FC7F4F8E2964ABDBE6198F90B
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:3A65636ABBCBF9BC2447FEA1BCE9BFC0E6DACD10D5721D21D670A537FFF0D545
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:074547A0C2D572BA22D27A4EC3A0957C27B72E732D0ED37501C30A9657CAD258584819D3A92215B52638888D9FC0682E871F454B0ECBFC75373CBAE38DA4D656
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.@i....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                              MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.07322372386383841
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiR2l:DLhesh7Owd4+jiRC
                                                                                                                                                                                                                                                                                                                                                                              MD5:194A33EAA45179D867C872C0DFFE4B6A
                                                                                                                                                                                                                                                                                                                                                                              SHA1:8AF352125413FC66CDC489D9C3EC16CBAC832ED7
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:69DED5924CA67FF4C9E232E703D3DD5893B4C4856ACC84827339EA7510EEAC57
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:9EEDE5CCF84C59B19455C69D6312FB8DE77D2F8432F9F30602AB5FDD55706F9A5F07703D6B9D1BB81703C042B571D10CBB797721F05B637F7DC4D346AB8BF11D
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:GtlstF/7p6/nAYIg3lstF/7p6/nAYIlT89//alEl:GtWtSZWtS089XuM
                                                                                                                                                                                                                                                                                                                                                                              MD5:0E4A905830714919614C635335C6487E
                                                                                                                                                                                                                                                                                                                                                                              SHA1:63172FC2A90BA90718163AEE4CE7615FB6C5A1CE
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E1C38EC89D2E6242292B0300DBD9319BF9B7AD7375C55D3F7EB8AF85A58F2065
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:202E461A61D38F6CEDCC7BC24059058FAA3C5718C995CC3CC80BBC4C2946AB6E36DF26514C9B407DA6A1F4DF5494AF2A5BEEE0EE3F414C5477020E3A67AABD8D
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:..-.....................h....O.........w `..I....-.....................h....O.........w `..I..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.034878162048718665
Encrypted:false
SSDEEP:3:Ol1EaOCXf3iMxVZlZSrV//mwl8XW3R2:KOaOMHlspuw93w
MD5:A0AD85F198D3B29C94DDAA0450B144A7
SHA1:57833C75BCD9AD0C9D0076E58E1E028C7CE65283
SHA-256:92D20D067159AEF18631897A859C92E8CD50CAAF9FD967B18AFAB0F18B6691F3
SHA-512:2160EB022A2B59A66E4D7B96C8B7B825B9B6B0D25D5FED10AFAC8133C5BA718A686244547AEB1376D81B702686FAB4E2C6631602FCBE4B18DF82D51D9D6EB193
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:7....-.................wqX...sgT...............w..h..O.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1717), with CRLF line terminators
Category:dropped
Size (bytes):14081
Entropy (8bit):5.466969688775189
Encrypted:false
SSDEEP:192:lnTFTRRUYbBp6+LZNMGaXl6qU4KKzy+/3/7Lv15RYiNBw8djSl:FKenFNMAlayCldwY0
MD5:2E1EC45BC29689CACD2E3E2DC8C94C0E
SHA1:8626AD7A8FF6DE6FDD7E8A521CF8B59B0E4BD432
SHA-256:6B63639A3B7AA647F85B04CE3373D4CDACAD76E1FE970C65AB333B29177A93D1
SHA-512:338CC72892C47BA6A0F864E2E684A0A4DFDBA3E26C4823E022E72DD6B6A374142C37F7B63D2849F280EAFE8C3A621181178AE10E5BE811473281389B113773CB
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732190348);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732190348);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732190348);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173219
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1571
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.340355957316318
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxS7qLXnIgj/pnxQwRlszT5sKL003eHVvwKXTramhujJmyOOxmOmaoRL:GUpOxkqVnR6N3eNwCTr4JNKRhx
                                                                                                                                                                                                                                                                                                                                                                              MD5:17C0C08AC443007F2E672014A64C80F8
                                                                                                                                                                                                                                                                                                                                                                              SHA1:F630BAE0885993CFF4768C61A8F5A0123ED69334
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:DCA78D595A73AF0FD38FBDABAD432A0DAA490E4B9CF0CA4635B4A0539EDD6290
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:394B598429B2B3953B1B0436613C4338D4335E417E207C1639F61E35E10BDAF5E8286165340741BCFD58CEDAEB3267ACAD3E568E834D8CB323F4064F3ABF556F
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9346bfb2-885c-4693-b4bf-67b3dadcfd00}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732190352087,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...8,"startTim..A1810...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...23659,"originA....
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):4096
Entropy (8bit):2.042811512334329
Encrypted:false
SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
MD5:21235938025E2102017AC8C9748948A4
SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.009414726389773
Encrypted:false
SSDEEP:48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:6A34F62168E09D05972319B4F18BEDEF
SHA1:89596CBDCE2BA093DB1DB71F04ED8AD3A2280205
SHA-256:F44F5467C9024A651C80D41E5E4613B6070821F68B74A0B5930E992D520B1916
SHA-512:5E8124A09F4013F42728ACEAE8702B53C9C1DFE4408C1D8152B6CD2723E04346D429535E710DC18CC4A3D8598B6236DB41DE26972D1E61B96F29440B47E9FDB2
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-21T11:58:54.702Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.009414726389773
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                              MD5:6A34F62168E09D05972319B4F18BEDEF
                                                                                                                                                                                                                                                                                                                                                                              SHA1:89596CBDCE2BA093DB1DB71F04ED8AD3A2280205
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F44F5467C9024A651C80D41E5E4613B6070821F68B74A0B5930E992D520B1916
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5E8124A09F4013F42728ACEAE8702B53C9C1DFE4408C1D8152B6CD2723E04346D429535E710DC18CC4A3D8598B6236DB41DE26972D1E61B96F29440B47E9FDB2
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-21T11:58:54.702Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.592451572635273
                                                                                                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                              File name:file.exe
                                                                                                                                                                                                                                                                                                                                                                              File size:922'624 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5:a946e9443c4fbb7cbfbca8667c099696
                                                                                                                                                                                                                                                                                                                                                                              SHA1:85a6507e2ff6ed26724ca6dce2842b33dd97ef8e
                                                                                                                                                                                                                                                                                                                                                                              SHA256:e85069cf3df6f629435808fa11dc054609e3de054c12314a4bb87a8ea3e853ad
                                                                                                                                                                                                                                                                                                                                                                              SHA512:bbfa6b31b192bbeae2a13daa8ef41537a604faa7395c762ccf3eac00b6c82ffffc6c943e67127a7d41bfb591a555aac26dcbae96baef01d0716f595bac496da9
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aob4:iTvC/MTQYxsWR7ao
                                                                                                                                                                                                                                                                                                                                                                              TLSH:4B159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                                              Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                              Time Stamp:0x673F01FE [Thu Nov 21 09:48:46 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                                                                                                                                              call 00007F18C4E831A3h
                                                                                                                                                                                                                                                                                                                                                                              jmp 00007F18C4E82AAFh
                                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                              call 00007F18C4E82C8Dh
                                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                              mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                                              mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                              mov esi, ecx
; Fragment continues from the preceding listing. The routines below are short MSVC
; (the report identifies VS2008) thiscall member functions: 'this' arrives in ecx,
; and each stores a constant (0049FE0Ch or 0049FDD0h) into [this], the usual
; vtable-pointer write of a C++ constructor or destructor.
call 00007F18C4E82C5Ah
mov dword ptr [esi], 0049FE0Ch          ; vtable pointer into [this]
mov eax, esi                            ; return this
pop esi
pop ebp
retn 0004h                              ; pops one stack argument: tail of a one-argument constructor shape
; next routine: default-constructor shape, no stack frame
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h      ; pointer-sized constant into the first field
mov dword ptr [ecx], 0049FE0Ch          ; same vtable as the routine above
ret
; next routine: copy-constructor shape, copies the member at [this+4] from the argument
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h          ; a different vtable from the first two routines
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax                                ; &this->member
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax                                ; &arg->member
call 00007F18C4E8584Dh
pop ecx                                 ; cdecl callee: caller discards both arguments
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
; next routine: destructor shape, releases the member at [this+4]
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F18C4E85898h
pop ecx
ret
; next routine: same body, then tests bit 0 of the stack argument; this is the MSVC
; scalar deleting destructor pattern, where that flag decides whether the object
; storage is freed afterwards (listing cut off here)
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F18C4E85881h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc8e64          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xd4000          0xa838        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xdf000          0x7594        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xb0ff0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc3400          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xb1010          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x9c000          0x894         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type                                    Entropy             Characteristics
.text   0x1000           0x9ab1d       0x9ac00   0a1473f3064dcbc32ef93c5c8a90f3a6  False     0.565500681542811    data                                         6.668273581389308   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x9c000          0x2fb82       0x2fc00   c9cf2468b60bf4f80f136ed54b3989fb  False     0.35289185209424084  data                                         5.691811547483722   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xcc000          0x706c        0x4800    53b9025d545d65e23295e30afdbd16d9  False     0.04356553819444445  DOS executable (block device driver @\273\)  0.5846666986982398  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xd4000          0xa838        0xaa00    4e42c9e65ff8d2babb4e82fa12d417ea  False     0.36808363970588237  data                                         5.652114541511596   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xdf000          0x7594        0x7600    c68ee8931a32d45eb82dc450ee40efc3  False     0.7628111758474576   data                                         6.7972128181359786  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
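The data directory and section tables above are read straight out of the PE headers. As an added example (not code from the Joe Sandbox report, and not the analysed file.exe), the following stdlib-only script walks a PE32 image the same way: it maps each data directory RVA to the section that contains it, reads each section's characteristics, computes Shannon entropy in bits per byte (the 0..8 scale the report's Entropy column uses), and runs the triage checks an analyst would apply to these two tables (empty SECURITY directory, TLS directory present, very high section entropy, writable-and-executable sections). The input image is constructed inline with made-up section contents; the field offsets and IMAGE_SCN_* flag values are the standard PE ones, and the 7.2 entropy threshold is an assumed cut-off, not a value from the report.

```python
# Added example, not code from the Joe Sandbox report or from the analysed sample:
# a stdlib-only PE32 header walker that derives what the report's data directory
# and section tables show (directory -> containing section, section flags, Shannon
# entropy in bits per byte, the 0..8 scale of the report's Entropy column) and
# runs a few triage checks. The input image is constructed below; it is not file.exe.
import math
import struct

DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY",
                   "BASERELOC", "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS",
                   "LOAD_CONFIG", "BOUND_IMPORT", "IAT", "DELAY_IMPORT",
                   "COM_DESCRIPTOR", "RESERVED"]
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(img: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", img, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", img, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", img, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    num_dirs = struct.unpack_from("<I", img, opt + 92)[0]
    dirs = [(DIRECTORY_NAMES[i], *struct.unpack_from("<II", img, opt + 96 + 8 * i))
            for i in range(min(num_dirs, 16))]
    sections = []
    for i in range(num_sections):
        h = struct.unpack_from(SECTION_HDR, img, opt + size_of_opt + 40 * i)
        name, vsize, va, rsize, rptr, chars = h[0], h[1], h[2], h[3], h[4], h[9]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rsize": rsize, "chars": chars,
                         "entropy": shannon_entropy(img[rptr:rptr + rsize])})

    def section_of(rva):  # which section's virtual range contains this RVA
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
                return s["name"]
        return None

    return {"directories": [(n, va, sz, section_of(va) if va else None)
                            for n, va, sz in dirs],
            "sections": sections}


def triage(parsed: dict) -> list:
    """The checks an analyst reads off the two tables (7.2 is an assumed threshold)."""
    notes, d = [], {n: (va, sz) for n, va, sz, _ in parsed["directories"]}
    if d["SECURITY"] == (0, 0):
        notes.append("SECURITY directory empty: no Authenticode signature")
    if d["TLS"][0]:
        notes.append("TLS directory present: TLS callbacks run before the entry point")
    for s in parsed["sections"]:
        if s["entropy"] > 7.2:
            notes.append(f"{s['name']}: entropy {s['entropy']:.2f}, packed/encrypted data likely")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            notes.append(f"{s['name']}: writable and executable")
    return notes


def build_sample_pe() -> bytes:
    """Constructed PE32 (not file.exe): .text/.rdata/.data, IAT and TLS in .rdata."""
    secs = [(b".text", 0x60000020, bytes(range(256)) * 4),  # uniform -> entropy 8.0
            (b".rdata", 0x40000040, b"\0" * 512),
            (b".data", 0xC0000040, b"A" * 512)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)            # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x4000, 0x200)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 9, 0x2010, 0x18)     # TLS directory
    struct.pack_into("<II", opt, 96 + 8 * 12, 0x2000, 0x40)    # IAT directory
    hdrs, body, ptr = b"", b"", 0x200
    for i, (name, chars, raw) in enumerate(secs):
        rsize = (len(raw) + 0x1FF) & ~0x1FF                    # round up to FileAlignment
        hdrs += struct.pack(SECTION_HDR, name, len(raw), 0x1000 * (i + 1),
                            rsize, ptr, 0, 0, 0, 0, chars)
        body += raw.ljust(rsize, b"\0")
        ptr += rsize
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(0x200, b"\0") + body
```

Run it as `print(triage(parse_pe32(build_sample_pe())))`, or pass `open(path, "rb").read()` of a real 32-bit PE to `parse_pe32`. The entropy is computed over the raw on-disk bytes of each section, which is why a section whose virtual size exceeds its raw size (like .data in the table above) scores low: the zero-filled tail exists only in memory.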
Name       RVA      Size    Type                                                                                Language  Country        ZLIB Complexity
RT_ICON    0xd45a8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                      English   Great Britain  0.7466216216216216
RT_ICON    0xd46d0  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors English   Great Britain  0.3277027027027027
RT_ICON    0xd47f8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                      English   Great Britain  0.3885135135135135
RT_ICON    0xd4920  0x2e8   Device independent bitmap graphic, 32 x 64 x 4, image size 0                        English   Great Britain  0.3333333333333333
RT_ICON    0xd4c08  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 0                        English   Great Britain  0.5
RT_ICON    0xd4d30  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 0                        English   Great Britain  0.2835820895522388
RT_ICON    0xd5bd8  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 0                        English   Great Britain  0.37906137184115524
RT_ICON    0xd6480  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 0                        English   Great Britain  0.23699421965317918
RT_ICON    0xd69e8  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 0                       English   Great Britain  0.13858921161825727
RT_ICON    0xd8f90  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 0                       English   Great Britain  0.25070356472795496
RT_ICON    0xda038  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 0                       English   Great Britain  0.3173758865248227
RT_MENU    0xda4a0  0x50    data                                                                                English   Great Britain  0.9
RT_STRING  0xda4f0  0x594   data                                                                                English   Great Britain  0.3333333333333333
RT_STRING  0xdaa84  0x68a   data                                                                                English   Great Britain  0.2735961768219833
RT_STRING  0xdb110  0x490   data                                                                                English   Great Britain  0.3715753424657534
                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdc1f80x466dataEnglishGreat Britain0.3605683836589698
                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xdc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                                                                                                                                                                                                                                                                                                              RT_RCDATA0xdc7b80x1b00data1.0015914351851851
                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xde2b80x76dataEnglishGreat Britain0.6610169491525424
                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xde3300x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xde3440x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xde3580x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                              RT_VERSION0xde36c0xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                                              RT_MANIFEST0xde4480x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
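The import table above is the static basis for many of the signatures listed at the top of this report (BlockInput for "block mouse and keyboard input", keybd_event/SendInput for "simulate keystroke presses", CreateProcessWithLogonW/CreateProcessAsUserW for "launch a process as a different user", socket/bind/listen/accept for "open a port and listen", and so on). The caveat a practitioner should keep in mind: the report flags the binary as a likely compiled AutoIt script, and this import set is the AutoIt3 interpreter's full built-in surface, so import-based capability hits describe what the runtime could do, not what this particular script does; the embedded script has to be extracted and read to confirm any of them. The script below is an added example, not part of the report or of any tool the report uses. It parses import rows in the fused form this export uses, maps imported APIs to the report's capability categories, and scores a heuristic (my assumption, not a report feature) for "looks like the AutoIt3 runtime" based on APIs behind well-known AutoIt built-ins. The import rows are copied from the table above, with the KERNEL32/USER32 rows trimmed to the entries the rules consult.

```python
"""Triage a Joe Sandbox import table against capability categories.

Added example, not part of the report. Import rows are in the fused export
form "DLLNAME.dllFunc, Func, ..." used by this page's text export.
"""
import re

# Constructed sample: rows copied from this report's import table. KERNEL32
# and USER32 are shortened to the entries the rules below consult.
IMPORT_ROWS = [
    "WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect",
    "WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW",
    "MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W",
    "IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile",
    "KERNEL32.dllGetProcessHeap, Sleep, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateToolhelp32Snapshot, IsDebuggerPresent, SetSystemPowerState, DeviceIoControl, LoadLibraryW, GetPrivateProfileSectionNamesW, SetVolumeLabelW, Beep, CreateProcessW",
    "USER32.dllmouse_event, ExitWindowsEx, SendInput, GetAsyncKeyState, GetKeyboardState, GetKeyState, SetUserObjectSecurity, SetClipboardData, EmptyClipboard, GetClipboardData, OpenClipboard, BlockInput, keybd_event",
    "ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW",
    "SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW",
]

# (category, mode, APIs). "any": a single hit triggers; "all": the whole
# combination must be present (a lone OpenProcess is not injection).
RULES = [
    ("read or modify clipboard data", "any", {"GetClipboardData", "SetClipboardData", "OpenClipboard"}),
    ("block mouse and keyboard input", "any", {"BlockInput"}),
    ("simulate keystrokes", "any", {"keybd_event", "SendInput"}),
    ("simulate mouse events", "any", {"mouse_event"}),
    ("query pressed keys", "any", {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState"}),
    ("debugger presence check", "any", {"IsDebuggerPresent"}),
    ("execution timing", "any", {"QueryPerformanceCounter", "timeGetTime"}),
    ("launch process as another user", "any", {"CreateProcessAsUserW", "CreateProcessWithLogonW", "LogonUserW"}),
    ("token privilege adjustment", "all", {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}),
    ("listen for inbound connections", "all", {"socket", "bind", "listen", "accept"}),
    ("shutdown or reboot", "any", {"ExitWindowsEx", "InitiateSystemShutdownExW", "SetSystemPowerState"}),
    ("device driver communication", "any", {"DeviceIoControl"}),
    ("dynamic API resolution", "all", {"LoadLibraryA", "GetProcAddress"}),
    ("remote process memory access", "all", {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"}),
]

# Heuristic (my assumption, not from the report): APIs behind AutoIt3
# built-ins such as BlockInput(), MouseMove(), Send(), Ping(), SoundPlay(),
# SoundSetWaveVolume(), DriveMapAdd(), FileRecycleEmpty(), RunAs(),
# Shutdown(), DriveSetLabel() and Beep(). A plain application rarely imports
# all of them; the AutoIt3 interpreter stub always does.
AUTOIT_TELLTALES = {
    "BlockInput", "mouse_event", "keybd_event", "IcmpSendEcho", "mciSendStringW",
    "waveOutSetVolume", "WNetAddConnection2W", "SHEmptyRecycleBinW",
    "CreateProcessWithLogonW", "InitiateSystemShutdownExW", "SetVolumeLabelW", "Beep",
}

# Module name runs straight into the first function name in the export.
_ROW = re.compile(r"^(?P<dll>[^\s,]+?\.dll)(?P<funcs>.*)$", re.IGNORECASE)


def parse_import_table(rows):
    """Return {dll_name: set(function_names)} from fused export rows."""
    imports = {}
    for row in rows:
        m = _ROW.match(row.strip())
        if not m:
            raise ValueError(f"not an import row: {row!r}")
        funcs = {f.strip() for f in m.group("funcs").split(",") if f.strip()}
        imports[m.group("dll")] = funcs
    return imports


def all_imports(imports):
    """Flatten the per-DLL sets into one set of API names."""
    return set().union(*imports.values()) if imports else set()


def capabilities(imports):
    """Map imported APIs to capability categories: {category: [apis]}."""
    present = all_imports(imports)
    hits = {}
    for name, mode, apis in RULES:
        matched = apis & present
        if (mode == "any" and matched) or (mode == "all" and matched == apis):
            hits[name] = sorted(matched)
    return hits


def autoit_runtime_score(imports):
    """Fraction of AutoIt3 telltale APIs present (1.0 = all of them)."""
    return len(AUTOIT_TELLTALES & all_imports(imports)) / len(AUTOIT_TELLTALES)


if __name__ == "__main__":
    imps = parse_import_table(IMPORT_ROWS)
    print(f"AutoIt3 runtime telltale score: {autoit_runtime_score(imps):.2f}")
    for category, apis in capabilities(imps).items():
        print(f"  {category:32} <- {', '.join(apis)}")
```

When the telltale score is high, treat the capability list as the interpreter's feature set and move on to extracting the compiled script; when it is low and a capability such as "remote process memory access" or "listen for inbound connections" still fires, that combination belongs to the sample's own code and deserves a closer look.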
Language of compilation system | Country where language is spoken | Map
English | Great Britain | 
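In the text export of this report the TCP table that follows fuses its five columns (Timestamp, Source Port, Dest Port, Source IP, Dest IP) into one run of digits and dots, so "CET4973580192.168.2.634.107.221.82" has to be read back as 49735, 80, 192.168.2.6, 34.107.221.82. The script below is an added example, not part of the report or of Joe Sandbox, that rebuilds the fields and summarizes traffic per remote endpoint, which is the quick check behind the "Connects to many different domains" signature. It relies on two assumptions stated in the code: the sandbox host is 192.168.2.6 (it appears in every row of the table), and the port pair is oriented by the Windows dynamic port range (49152 and up) so that exactly one port of each pair is the local ephemeral one. Any row that still has more than one reading is rejected rather than guessed. The sample rows are copied verbatim from the first 24 rows of the table.

```python
"""Rebuild and summarize a fused Joe Sandbox TCP table.

Added example, not part of the report. The text export runs Timestamp,
Source Port, Dest Port, Source IP and Dest IP together; the known sandbox
host IP and the ephemeral-port range make the split unambiguous here.
"""
import re

# Constructed sample: the first rows of this report's TCP table, verbatim.
SAMPLE_ROWS = [
    "Nov 21, 2024 11:03:17.084860086 CET4973580192.168.2.634.107.221.82",
    "Nov 21, 2024 11:03:17.085374117 CET49736443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.085422993 CET44349736142.250.184.238192.168.2.6",
    "Nov 21, 2024 11:03:17.085649014 CET49737443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.085705996 CET44349737142.250.184.238192.168.2.6",
    "Nov 21, 2024 11:03:17.085859060 CET49738443192.168.2.635.190.72.216",
    "Nov 21, 2024 11:03:17.085867882 CET4434973835.190.72.216192.168.2.6",
    "Nov 21, 2024 11:03:17.087449074 CET49736443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.087465048 CET49737443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.087476015 CET49738443192.168.2.635.190.72.216",
    "Nov 21, 2024 11:03:17.092183113 CET49736443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.092199087 CET44349736142.250.184.238192.168.2.6",
    "Nov 21, 2024 11:03:17.093688011 CET49737443192.168.2.6142.250.184.238",
    "Nov 21, 2024 11:03:17.093708038 CET44349737142.250.184.238192.168.2.6",
    "Nov 21, 2024 11:03:17.094974995 CET49738443192.168.2.635.190.72.216",
    "Nov 21, 2024 11:03:17.094990969 CET4434973835.190.72.216192.168.2.6",
    "Nov 21, 2024 11:03:17.129916906 CET49739443192.168.2.634.117.188.166",
    "Nov 21, 2024 11:03:17.129946947 CET4434973934.117.188.166192.168.2.6",
    "Nov 21, 2024 11:03:17.130037069 CET49739443192.168.2.634.117.188.166",
    "Nov 21, 2024 11:03:17.131411076 CET49739443192.168.2.634.117.188.166",
    "Nov 21, 2024 11:03:17.131422043 CET4434973934.117.188.166192.168.2.6",
    "Nov 21, 2024 11:03:17.145658970 CET49740443192.168.2.635.244.181.201",
    "Nov 21, 2024 11:03:17.145739079 CET4434974035.244.181.201192.168.2.6",
    "Nov 21, 2024 11:03:17.146955013 CET49740443192.168.2.635.244.181.201",
]

LOCAL_IP = "192.168.2.6"   # assumption: the sandbox host, present in every row
EPHEMERAL_MIN = 49152      # assumption: Windows dynamic port range orients the pair

_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_IPV4 = re.compile(rf"^(?:{_OCTET}\.){{3}}{_OCTET}$")


def _valid_port(s):
    return s.isdigit() and (s == "0" or s[0] != "0") and int(s) <= 65535


def _port_splits(digits):
    """Yield (a, b) splits where exactly one side is an ephemeral port."""
    for i in range(1, len(digits)):
        a, b = digits[:i], digits[i:]
        if _valid_port(a) and _valid_port(b) and ((int(a) >= EPHEMERAL_MIN) != (int(b) >= EPHEMERAL_MIN)):
            yield int(a), int(b)


def parse_row(line, local_ip=LOCAL_IP):
    """Return (timestamp, src_port, dst_port, src_ip, dst_ip); refuse ambiguity."""
    ts, sep, body = line.partition(" CET")
    if not sep:
        raise ValueError(f"no timestamp marker in row: {line!r}")
    candidates = set()
    for n2 in range(7, 16):                       # dotted quad is 7..15 chars
        if n2 >= len(body):
            break
        ip2, rest = body[-n2:], body[:-n2]
        if not _IPV4.match(ip2):
            continue
        for n1 in range(7, 16):
            if n1 >= len(rest):
                break
            ip1, ports = rest[-n1:], rest[:-n1]
            if not _IPV4.match(ip1) or local_ip not in (ip1, ip2):
                continue
            for sp, dp in _port_splits(ports):
                candidates.add((ts, sp, dp, ip1, ip2))
    if len(candidates) != 1:
        raise ValueError(f"{len(candidates)} readings for row: {line!r}")
    return candidates.pop()


def summarize(rows, local_ip=LOCAL_IP):
    """Aggregate packets per (remote_ip, remote_port) with direction counts."""
    summary = {}
    for line in rows:
        ts, sp, dp, sip, dip = parse_row(line, local_ip)
        key, direction = ((dip, dp), "out") if sip == local_ip else ((sip, sp), "in")
        entry = summary.setdefault(key, {"packets": 0, "out": 0, "in": 0, "first_seen": ts})
        entry["packets"] += 1
        entry[direction] += 1
    return summary


def remote_hosts(summary):
    """Distinct remote IPs the sandbox host exchanged packets with."""
    return sorted({ip for ip, _ in summary})


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    print(f"{len(remote_hosts(s))} remote hosts in {len(SAMPLE_ROWS)} packets")
    for (ip, port), e in sorted(s.items()):
        print(f"{ip:>16}:{port:<5} packets={e['packets']:3} out={e['out']:3} in={e['in']:3} first={e['first_seen']}")
```

Five remote endpoints show up within 70 milliseconds of the first packet, one on port 80 and four on 443; resolving them against the report's DNS section tells you whether they are the sample's infrastructure or background traffic from the analysis image, which the summary alone cannot decide.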
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 11:03:17.084860086 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Nov 21, 2024 11:03:17.085374117 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.085422993 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6
Nov 21, 2024 11:03:17.085649014 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.085705996 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6
Nov 21, 2024 11:03:17.085859060 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216
Nov 21, 2024 11:03:17.085867882 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6
Nov 21, 2024 11:03:17.087449074 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.087465048 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.087476015 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216
Nov 21, 2024 11:03:17.092183113 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.092199087 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6
Nov 21, 2024 11:03:17.093688011 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238
Nov 21, 2024 11:03:17.093708038 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6
Nov 21, 2024 11:03:17.094974995 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216
Nov 21, 2024 11:03:17.094990969 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6
Nov 21, 2024 11:03:17.129916906 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166
Nov 21, 2024 11:03:17.129946947 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6
Nov 21, 2024 11:03:17.130037069 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166
Nov 21, 2024 11:03:17.131411076 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166
Nov 21, 2024 11:03:17.131422043 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6
Nov 21, 2024 11:03:17.145658970 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201
Nov 21, 2024 11:03:17.145739079 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6
Nov 21, 2024 11:03:17.146955013 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.147113085 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.147147894 CET4434974035.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.147351980 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.147373915 CET4434974134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.147538900 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.148984909 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.149008036 CET4434974134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.204560041 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.208163977 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.208477974 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.327986956 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.561448097 CET49742443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.561497927 CET4434974234.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.561650991 CET49742443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.561701059 CET49742443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.561708927 CET4434974234.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.353503942 CET4434973934.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.353946924 CET49739443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.362270117 CET49739443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.362301111 CET4434973934.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.362314939 CET49739443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.362490892 CET4434973934.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.363338947 CET49739443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.385818005 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.407558918 CET4434974035.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.407627106 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.408133030 CET4434973835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.408376932 CET49738443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.410779953 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.410800934 CET4434974035.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.411061049 CET4434974035.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.415005922 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.415082932 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.415144920 CET4434974035.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.415288925 CET49740443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.416635990 CET49738443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.416645050 CET4434973835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.416697979 CET49738443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.416898966 CET4434973835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.417035103 CET49738443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.426707983 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.458270073 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.462646961 CET4434974134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.463196993 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.467688084 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.467716932 CET4434974134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.467756033 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.467880011 CET4434974134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.468172073 CET49741443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.539444923 CET44349736142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.540126085 CET49736443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.540478945 CET44349736142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.541150093 CET49736443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.545017004 CET49736443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.545037985 CET44349736142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.545170069 CET49736443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.545361042 CET44349736142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.553602934 CET49736443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.570473909 CET44349737142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.571219921 CET44349737142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.571373940 CET49737443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.572433949 CET49737443192.168.2.6142.250.184.238
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.572444916 CET44349737142.250.184.238192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.577039003 CET49737443192.168.2.6142.250.184.238
Timestamp                            Src Port  Dst Port  Source IP        Dest IP
Nov 21, 2024 11:03:18.577068090 CET  443       49737     142.250.184.238  192.168.2.6
Nov 21, 2024 11:03:18.577194929 CET  49737     443       192.168.2.6      142.250.184.238
Nov 21, 2024 11:03:18.577253103 CET  443       49737     142.250.184.238  192.168.2.6
Nov 21, 2024 11:03:18.578118086 CET  80        49735     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:18.580822945 CET  49735     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:18.580854893 CET  49737     443       192.168.2.6      142.250.184.238
Nov 21, 2024 11:03:18.775954008 CET  443       49742     34.160.144.191   192.168.2.6
Nov 21, 2024 11:03:18.787353039 CET  443       49742     34.160.144.191   192.168.2.6
Nov 21, 2024 11:03:18.787817001 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:18.791004896 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:18.791013956 CET  443       49742     34.160.144.191   192.168.2.6
Nov 21, 2024 11:03:18.791421890 CET  443       49742     34.160.144.191   192.168.2.6
Nov 21, 2024 11:03:18.793312073 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:18.793426991 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:18.793497086 CET  443       49742     34.160.144.191   192.168.2.6
Nov 21, 2024 11:03:18.795954943 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:18.795954943 CET  49742     443       192.168.2.6      34.160.144.191
Nov 21, 2024 11:03:19.263633966 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:19.263674021 CET  443       49748     34.117.188.166   192.168.2.6
Nov 21, 2024 11:03:19.264446974 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:19.265888929 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:19.265906096 CET  443       49748     34.117.188.166   192.168.2.6
Nov 21, 2024 11:03:19.478327036 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.478427887 CET  49751     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.597876072 CET  80        49750     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:19.597959042 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.598032951 CET  80        49751     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:19.598086119 CET  49751     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.598114014 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.598252058 CET  49751     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:19.717639923 CET  80        49750     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:19.717756033 CET  80        49751     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:20.462857962 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:20.462915897 CET  443       49753     34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:20.463376999 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:20.464998960 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:20.465014935 CET  443       49753     34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:20.473623037 CET  49754     443       192.168.2.6      34.120.208.123
Nov 21, 2024 11:03:20.473654032 CET  443       49754     34.120.208.123   192.168.2.6
Nov 21, 2024 11:03:20.473922014 CET  49754     443       192.168.2.6      34.120.208.123
Nov 21, 2024 11:03:20.475392103 CET  49754     443       192.168.2.6      34.120.208.123
Nov 21, 2024 11:03:20.475409031 CET  443       49754     34.120.208.123   192.168.2.6
Nov 21, 2024 11:03:20.475785017 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:20.475842953 CET  443       49755     35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:20.476058006 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:20.476224899 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:20.476238966 CET  443       49755     35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:20.496680021 CET  49756     443       192.168.2.6      34.107.243.93
Nov 21, 2024 11:03:20.496727943 CET  443       49756     34.107.243.93    192.168.2.6
Nov 21, 2024 11:03:20.496905088 CET  49756     443       192.168.2.6      34.107.243.93
Nov 21, 2024 11:03:20.498363018 CET  49756     443       192.168.2.6      34.107.243.93
Nov 21, 2024 11:03:20.498378992 CET  443       49756     34.107.243.93    192.168.2.6
Nov 21, 2024 11:03:20.528879881 CET  443       49748     34.117.188.166   192.168.2.6
Nov 21, 2024 11:03:20.533526897 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:20.537381887 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:20.537424088 CET  443       49748     34.117.188.166   192.168.2.6
Nov 21, 2024 11:03:20.537494898 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:20.537841082 CET  443       49748     34.117.188.166   192.168.2.6
Nov 21, 2024 11:03:20.540627956 CET  49748     443       192.168.2.6      34.117.188.166
Nov 21, 2024 11:03:20.685151100 CET  80        49750     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:20.734045029 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:20.775091887 CET  80        49751     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:20.790923119 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:20.818739891 CET  49751     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:20.910602093 CET  80        49750     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:21.105190992 CET  80        49750     34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:21.150908947 CET  49750     80        192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:21.687309027 CET  443       49753     34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:21.687391996 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:21.688579082 CET  443       49755     35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:21.688858032 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:21.689266920 CET  443       49754     34.120.208.123   192.168.2.6
Nov 21, 2024 11:03:21.689330101 CET  49754     443       192.168.2.6      34.120.208.123
Nov 21, 2024 11:03:21.712239981 CET  443       49756     34.107.243.93    192.168.2.6
Nov 21, 2024 11:03:21.712347031 CET  49756     443       192.168.2.6      34.107.243.93
Nov 21, 2024 11:03:21.733592033 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:21.733625889 CET  443       49755     35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:21.734055042 CET  443       49755     35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:21.785470009 CET  49755     443       192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:21.805216074 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:21.805249929 CET  443       49753     34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:21.805497885 CET  49753     443       192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:21.805697918 CET  443       49753     34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:21.806005955 CET  49756     443       192.168.2.6      34.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806029081 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806032896 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806150913 CET49753443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806272984 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806293964 CET4434975535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806358099 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806369066 CET4434975535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806425095 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.806432009 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.808151960 CET49754443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.808181047 CET4434975434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.808231115 CET49754443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.808346987 CET4434975434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:21.808403969 CET49754443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:22.015328884 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:22.015383959 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:22.019341946 CET4434975535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:22.019426107 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.684149981 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.803906918 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.018027067 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.060945988 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.291779995 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.291837931 CET4434976834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.292819023 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.294311047 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.294327021 CET4434976834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.608777046 CET4434976834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.608851910 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.614046097 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.614061117 CET4434976834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.614145041 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.614212036 CET4434976834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:25.614268064 CET49768443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.281730890 CET49784443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.281774044 CET4434978434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.282161951 CET49785443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.282198906 CET4434978534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.287383080 CET49786443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.287415028 CET4434978634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.287882090 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.292767048 CET49784443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.292774916 CET49785443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.292795897 CET49786443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.292922974 CET49784443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.292939901 CET4434978434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.293097973 CET49785443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.293114901 CET4434978534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.294563055 CET49786443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.294584990 CET4434978634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.407390118 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.471613884 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.473093033 CET49789443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.473145008 CET4434978934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.474452972 CET49789443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.475860119 CET49789443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.475878954 CET4434978934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.479356050 CET49790443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.479372025 CET4434979034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.481179953 CET49790443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.482991934 CET49790443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.483006954 CET4434979034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.592341900 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.601948023 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.056729078 CET4434979634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.057548046 CET49796443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.057588100 CET49796443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.057804108 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.059089899 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.178610086 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.391825914 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.398058891 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.446114063 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.517702103 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.712496996 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.762628078 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.544574022 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.544641018 CET4434982034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.544712067 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.546210051 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.546227932 CET4434982034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.808676004 CET4434982034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.808768988 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.814071894 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.814091921 CET4434982034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.814173937 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.814251900 CET4434982034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.815013885 CET49820443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.817053080 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.936604977 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.150191069 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.160708904 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.181627989 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.181690931 CET4434982634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.181849957 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.181994915 CET49826443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.182038069 CET4434982634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.195772886 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.198913097 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.198935986 CET4434982735.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.201350927 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.202967882 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.202982903 CET4434982735.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.280297995 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404278040 CET49828443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404325962 CET4434982835.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404580116 CET49828443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404580116 CET49828443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404622078 CET4434982835.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405436993 CET49829443192.168.2.6151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405456066 CET44349829151.101.65.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405771017 CET49829443192.168.2.6151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405900002 CET49829443192.168.2.6151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405919075 CET44349829151.101.65.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.427746058 CET49830443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.427783966 CET4434983035.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.428154945 CET49830443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.429584026 CET49830443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.429610014 CET4434983035.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.476152897 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.527936935 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.420228958 CET4434982735.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.420303106 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.425798893 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.425823927 CET4434982735.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.425904036 CET49827443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.425988913 CET4434982735.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.426125050 CET49827443192.168.2.635.190.72.216
Nov 21, 2024 11:03:45.428658009 CET  49751  80     192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:45.443706989 CET  443    49826  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.443788052 CET  49826  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.447173119 CET  49826  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.447187901 CET  443    49826  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.447472095 CET  443    49826  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.450304985 CET  49826  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.450397968 CET  49826  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.450542927 CET  443    49826  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.450648069 CET  49826  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.548198938 CET  80     49751  34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:45.619379044 CET  443    49828  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.619446039 CET  49828  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.622416019 CET  49828  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.622427940 CET  443    49828  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.622689962 CET  443    49828  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.624870062 CET  49828  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.624870062 CET  49828  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.625082016 CET  443    49828  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.625150919 CET  49828  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.676311970 CET  443    49829  151.101.65.91    192.168.2.6
Nov 21, 2024 11:03:45.676372051 CET  49829  443    192.168.2.6      151.101.65.91
Nov 21, 2024 11:03:45.679666996 CET  49829  443    192.168.2.6      151.101.65.91
Nov 21, 2024 11:03:45.679672003 CET  443    49829  151.101.65.91    192.168.2.6
Nov 21, 2024 11:03:45.680366039 CET  443    49829  151.101.65.91    192.168.2.6
Nov 21, 2024 11:03:45.681772947 CET  49829  443    192.168.2.6      151.101.65.91
Nov 21, 2024 11:03:45.681886911 CET  49829  443    192.168.2.6      151.101.65.91
Nov 21, 2024 11:03:45.681952000 CET  443    49829  151.101.65.91    192.168.2.6
Nov 21, 2024 11:03:45.688254118 CET  49829  443    192.168.2.6      151.101.65.91
Nov 21, 2024 11:03:45.689745903 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.689799070 CET  443    49833  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.691483021 CET  49834  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.691517115 CET  443    49834  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.692080975 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.692168951 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.692168951 CET  49834  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.692183018 CET  443    49833  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.692296982 CET  49834  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.692307949 CET  443    49834  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.693502903 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.693512917 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.694268942 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.694401979 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:45.694411993 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:45.740559101 CET  443    49830  35.201.103.21    192.168.2.6
Nov 21, 2024 11:03:45.740638018 CET  49830  443    192.168.2.6      35.201.103.21
Nov 21, 2024 11:03:45.745623112 CET  49830  443    192.168.2.6      35.201.103.21
Nov 21, 2024 11:03:45.745637894 CET  443    49830  35.201.103.21    192.168.2.6
Nov 21, 2024 11:03:45.745740891 CET  49830  443    192.168.2.6      35.201.103.21
Nov 21, 2024 11:03:45.745822906 CET  443    49830  35.201.103.21    192.168.2.6
Nov 21, 2024 11:03:45.746098995 CET  49830  443    192.168.2.6      35.201.103.21
Nov 21, 2024 11:03:45.759159088 CET  49837  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.759202003 CET  443    49837  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.759327888 CET  49837  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.759407043 CET  49837  443    192.168.2.6      34.149.100.209
Nov 21, 2024 11:03:45.759416103 CET  443    49837  34.149.100.209   192.168.2.6
Nov 21, 2024 11:03:45.761529922 CET  80     49751  34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:45.765314102 CET  49750  80     192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:45.816119909 CET  49751  80     192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:45.886527061 CET  80     49750  34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:46.081357002 CET  80     49750  34.107.221.82    192.168.2.6
Nov 21, 2024 11:03:46.132654905 CET  49750  80     192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:46.911734104 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:46.911817074 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:46.915028095 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:46.915040016 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:46.915385962 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:46.918129921 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:46.918234110 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:46.918332100 CET  443    49835  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:46.918412924 CET  49835  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:46.921108961 CET  49751  80     192.168.2.6      34.107.221.82
Nov 21, 2024 11:03:46.997967005 CET  443    49833  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:46.998044968 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:47.000125885 CET  443    49834  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:47.000195980 CET  49834  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:47.000770092 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:47.000778913 CET  443    49833  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:47.001008034 CET  443    49833  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:47.003511906 CET  49834  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:47.003537893 CET  443    49834  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:47.003776073 CET  443    49834  35.244.181.201   192.168.2.6
Nov 21, 2024 11:03:47.007023096 CET  49833  443    192.168.2.6      35.244.181.201
Nov 21, 2024 11:03:47.007119894 CET  49833  443    192.168.2.6      35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007178068 CET4434983335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007440090 CET49834443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007524967 CET49834443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007602930 CET4434983435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007668018 CET49833443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.007679939 CET49834443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.030689001 CET4434983734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.030755043 CET49837443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.033946037 CET49837443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.033952951 CET4434983734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.034221888 CET4434983734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.036377907 CET49837443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.036458969 CET49837443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.036513090 CET4434983734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.040354013 CET49837443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.040846109 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.255635023 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.258567095 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.305488110 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.378071070 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.573082924 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:47.621522903 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:55.656687021 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:55.776236057 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:55.989659071 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:55.992723942 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:56.036333084 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:56.112365961 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:56.307394981 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:56.352919102 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.849611044 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.849663019 CET4434988034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.850202084 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.851617098 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.851639032 CET4434988034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.114845037 CET4434988034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.114978075 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.118988037 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.119012117 CET4434988034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.119121075 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.119259119 CET4434988034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.119381905 CET49880443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.122148991 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.241770983 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.455348969 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.458458900 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.510672092 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.578139067 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.772994995 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.827219009 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611006021 CET49905443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611063004 CET4434990534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611183882 CET49906443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611222982 CET4434990634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611290932 CET49907443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611305952 CET4434990734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611537933 CET49909443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611573935 CET4434990934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611603975 CET49908443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611628056 CET4434990834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611663103 CET49910443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611670017 CET4434991034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611757994 CET49905443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.611774921 CET49909443192.168.2.634.120.208.123
Nov 21, 2024 11:04:14.611778975 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.611788034 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.611960888 CET  49905  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.611963034 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.611963034 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.611970901 CET  443    49905  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:14.612092018 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.612108946 CET  443    49910  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:14.612165928 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.612185001 CET  443    49909  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:14.612251997 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.612272024 CET  443    49908  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:14.612289906 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.612298012 CET  443    49907  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:14.612354994 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:14.612369061 CET  443    49906  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.458947897 CET  49751  80     192.168.2.6     34.107.221.82
Nov 21, 2024 11:04:15.578828096 CET  80     49751  34.107.221.82   192.168.2.6
Nov 21, 2024 11:04:15.775417089 CET  49750  80     192.168.2.6     34.107.221.82
Nov 21, 2024 11:04:15.823656082 CET  443    49909  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.823812962 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.827065945 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.827092886 CET  443    49909  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.827337027 CET  443    49909  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.829380035 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.829502106 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.829533100 CET  443    49909  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.830049992 CET  49915  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.830110073 CET  443    49915  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.832910061 CET  49909  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.832953930 CET  49915  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.833122969 CET  49915  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.833158970 CET  443    49915  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.833816051 CET  49751  80     192.168.2.6     34.107.221.82
Nov 21, 2024 11:04:15.870893955 CET  443    49906  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.871020079 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.874355078 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.874367952 CET  443    49906  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.874686003 CET  443    49906  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.875694036 CET  443    49908  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.875933886 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.878664970 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.878673077 CET  443    49908  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.879012108 CET  443    49910  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.879062891 CET  443    49908  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.879415035 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.881915092 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.881920099 CET  443    49910  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.882673979 CET  443    49910  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.883378983 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.883524895 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.883552074 CET  443    49906  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.884053946 CET  49916  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.884085894 CET  443    49916  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.886982918 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.887118101 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.887413979 CET  443    49908  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.888818979 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.888926029 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889013052 CET  443    49910  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.889628887 CET  49906  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889659882 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889676094 CET  49908  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889676094 CET  49910  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889682055 CET  49916  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889792919 CET  49916  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.889803886 CET  443    49916  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.895786047 CET  80     49750  34.107.221.82   192.168.2.6
Nov 21, 2024 11:04:15.916076899 CET  443    49907  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.916079044 CET  443    49905  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.916225910 CET  49905  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.916225910 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.919461012 CET  49905  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.919492960 CET  443    49905  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.919831991 CET  443    49905  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.921957016 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.921969891 CET  443    49907  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.922178984 CET  443    49907  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.925633907 CET  49905  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.925743103 CET  49905  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.925896883 CET  443    49905  34.120.208.123  192.168.2.6
Nov 21, 2024 11:04:15.926053047 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.926171064 CET  49907  443    192.168.2.6     34.120.208.123
Nov 21, 2024 11:04:15.926194906 CET  443    49907  34.120.208.123  192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.926279068 CET49905443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.926279068 CET49907443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.953571081 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.166733980 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.169900894 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.207958937 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.289444923 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.484133005 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.530961990 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.089243889 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.089390993 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.092772007 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.092803955 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.093080997 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.095561028 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.095701933 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.095745087 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.095856905 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.098212957 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.196604967 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.196679115 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.199384928 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.199404955 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.200396061 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.201766968 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.201884031 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.202183008 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.202877998 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.217976093 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.431346893 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.434472084 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.480552912 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.554158926 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.749044895 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.797013998 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.439296961 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.559012890 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.762386084 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.882033110 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:37.567406893 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:37.687180042 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:37.890644073 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:38.010315895 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.357656956 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.357696056 CET4434998334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.358628035 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.360826015 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.360851049 CET4434998334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.634753942 CET4434998334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.634975910 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.639890909 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.639904022 CET4434998334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.640057087 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.640206099 CET4434998334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.640880108 CET49983443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.642787933 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.762320995 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.975492001 CET804975134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.979661942 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:47.016783953 CET4975180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:47.099478006 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:47.294392109 CET804975034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:47.348967075 CET4975080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:56.989860058 CET4975180192.168.2.634.107.221.82
Nov 21, 2024 11:04:57.109426022 CET  80     49751  34.107.221.82  192.168.2.6
Nov 21, 2024 11:04:57.306303978 CET  49750  80     192.168.2.6    34.107.221.82
Nov 21, 2024 11:04:57.426664114 CET  80     49750  34.107.221.82  192.168.2.6
Nov 21, 2024 11:05:07.119302988 CET  49751  80     192.168.2.6    34.107.221.82
Nov 21, 2024 11:05:07.238943100 CET  80     49751  34.107.221.82  192.168.2.6
Nov 21, 2024 11:05:07.435841084 CET  49750  80     192.168.2.6    34.107.221.82
Nov 21, 2024 11:05:07.555552959 CET  80     49750  34.107.221.82  192.168.2.6
Nov 21, 2024 11:05:17.240719080 CET  49751  80     192.168.2.6    34.107.221.82
Nov 21, 2024 11:05:17.360243082 CET  80     49751  34.107.221.82  192.168.2.6
Nov 21, 2024 11:05:17.557277918 CET  49750  80     192.168.2.6    34.107.221.82
Nov 21, 2024 11:05:17.676945925 CET  80     49750  34.107.221.82  192.168.2.6
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Nov 21, 2024 11:03:16.828794003 CET  55185        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:16.829063892 CET  54679        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:16.902657032 CET  65231        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:16.914005995 CET  51515        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.056072950 CET  53           55185      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.086546898 CET  64137        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.086957932 CET  57995        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.088027954 CET  59012        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.128518105 CET  53           65231      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.140563965 CET  53           51515      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.313201904 CET  53           64137      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.313236952 CET  53           57995      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.313733101 CET  53           59012      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.317234039 CET  56892        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.317468882 CET  62261        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.317775965 CET  57439        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.334296942 CET  64974        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.543076038 CET  53           62261      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.543138981 CET  53           56892      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.544051886 CET  53           57439      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.547946930 CET  55514        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.548160076 CET  57353        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.548554897 CET  59149        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.560547113 CET  53           64974      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.774180889 CET  53           55514      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.774970055 CET  53391        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.775098085 CET  53           59149      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.775363922 CET  53           57353      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:17.775610924 CET  52979        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:17.776015997 CET  63163        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:18.000868082 CET  53           53391      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.001352072 CET  53           52979      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.001915932 CET  53           63163      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.002784967 CET  58416        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:18.234683990 CET  53           58416      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.237061024 CET  65139        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:18.455665112 CET  54141        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:18.456059933 CET  60147        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:18.465425968 CET  53           65139      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.681746006 CET  53           54141      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:18.682024956 CET  53           60147      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:19.250186920 CET  52947        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:19.264332056 CET  52373        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:19.797599077 CET  55024        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:19.946762085 CET  53           57075      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.023545027 CET  53           55024      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.024772882 CET  52443        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.235008955 CET  64391        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.250731945 CET  53           52443      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.269638062 CET  51657        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.461518049 CET  53           64391      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.463347912 CET  57079        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.473824978 CET  53595        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.495842934 CET  53           51657      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.689030886 CET  53           57079      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.693301916 CET  50546        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.699491024 CET  53           53595      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.701812029 CET  50210        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:20.919625044 CET  53           50546      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:20.927753925 CET  53           50210      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:23.643958092 CET  63265        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:23.873245001 CET  53           63265      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:24.290599108 CET  54995        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:24.516345024 CET  53           54995      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:24.519566059 CET  64201        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:24.745837927 CET  53           64201      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:28.947284937 CET  56788        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:29.020423889 CET  60275        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:29.023570061 CET  56682        53         192.168.2.6    1.1.1.1
Nov 21, 2024 11:03:29.173481941 CET  53           56788      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:29.249052048 CET  53           60275      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:29.251816988 CET  53           56682      1.1.1.1        192.168.2.6
Nov 21, 2024 11:03:30.282465935 CET  57366        53         192.168.2.6    1.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.284545898 CET5986353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.284990072 CET5023253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.510483980 CET53573661.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.511472940 CET5245253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512491941 CET53598631.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512538910 CET53502321.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.513046980 CET6552953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.513302088 CET5478553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.739588976 CET53524521.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740329981 CET6134253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740348101 CET53655291.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740386009 CET53547851.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740921974 CET5150853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.741117954 CET6042653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.966006994 CET53613421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.966728926 CET53604261.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.967093945 CET53515081.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.968614101 CET4957353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.968844891 CET5899353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.969173908 CET6470253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.196064949 CET53589931.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.196089983 CET53647021.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.196101904 CET53495731.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.196867943 CET5622853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.197505951 CET5164553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.423528910 CET53562281.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.424087048 CET53516451.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.543513060 CET5574953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.769459963 CET53557491.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.771302938 CET6129853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.999119043 CET53612981.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.177539110 CET6234253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.200911045 CET6163853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.403493881 CET53623421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404449940 CET5774053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405704975 CET6488453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.426842928 CET53616381.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.428116083 CET6514253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.630263090 CET53577401.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.631412983 CET53648841.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.632093906 CET5258753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.654014111 CET53651421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.655184031 CET5161053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.858540058 CET53525871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.882342100 CET53516101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.849737883 CET6444753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:04.076909065 CET53644471.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.122468948 CET5521253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.615102053 CET5491853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.840802908 CET53549181.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.834309101 CET5927053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.129885912 CET6247253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.356081009 CET53624721.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.358546019 CET6463053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.584561110 CET53646301.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 21, 2024 11:03:16.828794003 CET | 192.168.2.6 | 1.1.1.1 | 0xc87b | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:16.829063892 CET | 192.168.2.6 | 1.1.1.1 | 0xc763 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:16.902657032 CET | 192.168.2.6 | 1.1.1.1 | 0x3606 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:16.914005995 CET | 192.168.2.6 | 1.1.1.1 | 0xc084 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.086546898 CET | 192.168.2.6 | 1.1.1.1 | 0xaa20 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.086957932 CET | 192.168.2.6 | 1.1.1.1 | 0xb42 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.088027954 CET | 192.168.2.6 | 1.1.1.1 | 0x1586 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.317234039 CET | 192.168.2.6 | 1.1.1.1 | 0xcded | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Nov 21, 2024 11:03:17.317468882 CET | 192.168.2.6 | 1.1.1.1 | 0x87f7 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Nov 21, 2024 11:03:17.317775965 CET | 192.168.2.6 | 1.1.1.1 | 0x5be6 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Nov 21, 2024 11:03:17.334296942 CET | 192.168.2.6 | 1.1.1.1 | 0x438a | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.547946930 CET | 192.168.2.6 | 1.1.1.1 | 0x726a | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.548160076 CET | 192.168.2.6 | 1.1.1.1 | 0x53c1 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.548554897 CET | 192.168.2.6 | 1.1.1.1 | 0xc7f5 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.774970055 CET | 192.168.2.6 | 1.1.1.1 | 0x33d0 | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Nov 21, 2024 11:03:17.775610924 CET | 192.168.2.6 | 1.1.1.1 | 0xe0a0 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.776015997 CET192.168.2.61.1.1.10x1bc1Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.002784967 CET192.168.2.61.1.1.10x302bStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.237061024 CET192.168.2.61.1.1.10x2d59Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.455665112 CET192.168.2.61.1.1.10x5d93Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.456059933 CET192.168.2.61.1.1.10x20c1Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.250186920 CET192.168.2.61.1.1.10xc4e7Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.264332056 CET192.168.2.61.1.1.10x631eStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.797599077 CET192.168.2.61.1.1.10xb0f0Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.024772882 CET192.168.2.61.1.1.10x3f87Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.235008955 CET192.168.2.61.1.1.10x8718Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.269638062 CET192.168.2.61.1.1.10x8c60Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.463347912 CET192.168.2.61.1.1.10xfd57Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.473824978 CET192.168.2.61.1.1.10x9d04Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.693301916 CET192.168.2.61.1.1.10xacbStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.701812029 CET192.168.2.61.1.1.10x1e64Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.643958092 CET192.168.2.61.1.1.10x218bStandard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.290599108 CET192.168.2.61.1.1.10x83bStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.519566059 CET192.168.2.61.1.1.10x4970Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:28.947284937 CET192.168.2.61.1.1.10x64ffStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.020423889 CET192.168.2.61.1.1.10x9adeStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.023570061 CET192.168.2.61.1.1.10x528Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.282465935 CET192.168.2.61.1.1.10x3af9Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.284545898 CET192.168.2.61.1.1.10x84Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.284990072 CET192.168.2.61.1.1.10x932eStandard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.511472940 CET192.168.2.61.1.1.10x76a9Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.513046980 CET192.168.2.61.1.1.10x3112Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.513302088 CET192.168.2.61.1.1.10x1645Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740329981 CET192.168.2.61.1.1.10xc9beStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.740921974 CET192.168.2.61.1.1.10x78d8Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.741117954 CET192.168.2.61.1.1.10x50d9Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.968614101 CET192.168.2.61.1.1.10x2065Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.968844891 CET192.168.2.61.1.1.10x9896Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.969173908 CET192.168.2.61.1.1.10x83abStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.196867943 CET192.168.2.61.1.1.10x3065Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:31.197505951 CET192.168.2.61.1.1.10x9c3bStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.543513060 CET192.168.2.61.1.1.10x6512Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:42.771302938 CET192.168.2.61.1.1.10x2f5Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.177539110 CET192.168.2.61.1.1.10x2145Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.200911045 CET192.168.2.61.1.1.10x234fStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.404449940 CET192.168.2.61.1.1.10xd45fStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.405704975 CET192.168.2.61.1.1.10x48bStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.428116083 CET192.168.2.61.1.1.10xe59Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.632093906 CET192.168.2.61.1.1.10x42f9Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.655184031 CET192.168.2.61.1.1.10x6272Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:03.849737883 CET192.168.2.61.1.1.10x888Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:05.122468948 CET192.168.2.61.1.1.10xf02bStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:14.615102053 CET192.168.2.61.1.1.10x8b14Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.834309101 CET192.168.2.61.1.1.10xf04cStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.129885912 CET192.168.2.61.1.1.10x9b8cStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:45.358546019 CET192.168.2.61.1.1.10xdae8Standard query (0)push.services.mozilla.com28IN (0x0001)false
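The DNS tables in this report reach the reader with every column fused into one string (timestamp, sandbox IP, resolver IP, transaction ID, name, type and class run together), which makes the query log hard to diff against the response log or against an allowlist. The parser below is an added example written for this page, not Joe Sandbox code: it recovers the columns from that fused form, handles the two places where the missing separators are genuinely ambiguous (the two IPv4 addresses, and a CNAME owner fused with its target), and then lists the queried names that fall outside a set of first-party Firefox/Mozilla suffixes. The sample rows are copied from this report's own tables; the suffix allowlist and all function names are the analyst's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: rows copied from the report's DNS tables in the fused form the
# extraction left them in (no separators between Timestamp, Source IP, Dest IP, Trans ID,
# Code, Name, Address, Type, Class, DoH). The allowlist below is the analyst's own.
QUERY_ROWS = [
    "Nov 21, 2024 11:03:17.317468882 CET192.168.2.61.1.1.10x87f7Standard query (0)youtube.com28IN (0x0001)false",
    "Nov 21, 2024 11:03:17.548160076 CET192.168.2.61.1.1.10x53c1Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false",
    "Nov 21, 2024 11:03:29.020423889 CET192.168.2.61.1.1.10x9adeStandard query (0)www.facebook.comA (IP address)IN (0x0001)false",
]
RESPONSE_ROWS = [
    "Nov 21, 2024 11:03:17.056072950 CET1.1.1.1192.168.2.60xc87bNo error (0)youtube.com142.250.184.238A (IP address)IN (0x0001)false",
    "Nov 21, 2024 11:03:17.130069971 CET1.1.1.1192.168.2.60xa0a6No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false",
    "Nov 21, 2024 11:03:17.130069971 CET1.1.1.1192.168.2.60xa0a6No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false",
    "Nov 21, 2024 11:03:17.543076038 CET1.1.1.1192.168.2.60x87f7No error (0)youtube.com28IN (0x0001)false",
]
MOZILLA_SUFFIXES = ("mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net", "firefox.com")

IP4 = r"(?:\d{1,3}\.){3}\d{1,3}"
HEAD = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) [A-Z]+"
                  r"(?P<ips>[\d.]+)(?P<tid>0x[0-9a-f]+)(?P<code>[A-Z][a-z ]+) \(\d+\)(?P<rest>.*)$")
# Joe Sandbox labels A as "A (IP address)" but prints AAAA only as its numeric type, 28.
QUERY_TAIL = re.compile(r"^(?P<name>.+?)(?P<rtype>A \(IP address\)|28)IN \(0x0001\)(?P<doh>true|false)$")
# Responses: A carries an address, CNAME carries owner+target fused, AAAA rows carry no address.
# The lazy name match takes the shortest name that works, which is right unless a name ends in a digit.
RESP_TAIL = re.compile(r"^(?:(?P<a_name>.+?)(?P<addr>" + IP4 + r")A \(IP address\)"
                       r"|(?P<cname>.+?)CNAME \(Canonical name\)"
                       r"|(?P<aaaa_name>.+?)28)IN \(0x0001\)(?P<doh>true|false)$")
HOST = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")

@dataclass
class DnsRecord:
    ts: str
    src: str
    dst: str
    tid: int
    rtype: str
    name: Optional[str] = None      # None when a fused CNAME owner/target could not be split
    addr: Optional[str] = None
    target: Optional[str] = None
    doh: bool = False

def _is_ip4(s):
    p = s.split(".")
    return len(p) == 4 and all(x.isdigit() and x == str(int(x)) and int(x) <= 255 for x in p)

def split_fused_ips(s, known=frozenset()):
    """Split 'A.B.C.DE.F.G.H' into two IPv4 strings. The split can be ambiguous ('1.1.1.1192.168.2.6'
    also reads as '1.1.1.11' + '92.168.2.6'), so prefer halves already seen elsewhere in the capture."""
    cands = [(s[:i], s[i:]) for i in range(1, len(s)) if _is_ip4(s[:i]) and _is_ip4(s[i:])]
    if len(cands) > 1:
        cands = [c for c in cands if c[0] in known and c[1] in known] or cands
    if len(cands) != 1:
        raise ValueError(f"ambiguous fused IP pair: {s!r}")
    return cands[0]

def split_fused_cname(fused, known_names):
    """A CNAME target is normally queried or answered elsewhere in the capture, so try every known
    name as the suffix; the longest hit is the most specific split (shorter ones cut inside a label)."""
    cands = [(fused[:-len(n)], n) for n in known_names
             if fused.endswith(n) and len(fused) > len(n) and HOST.match(fused[:-len(n)])]
    return max(cands, key=lambda c: len(c[1])) if cands else (None, None)

def parse_query(row, known_ips=frozenset()):
    h = HEAD.match(row)
    t = QUERY_TAIL.match(h["rest"]) if h else None
    if not t:
        raise ValueError(f"unrecognised query row: {row!r}")
    src, dst = split_fused_ips(h["ips"], known_ips)
    return DnsRecord(h["ts"], src, dst, int(h["tid"], 16), "AAAA" if t["rtype"] == "28" else "A",
                     name=t["name"], doh=t["doh"] == "true")

def parse_response(row, known_ips=frozenset(), known_names=frozenset()):
    h = HEAD.match(row)
    t = RESP_TAIL.match(h["rest"]) if h else None
    if not t:
        raise ValueError(f"unrecognised response row: {row!r}")
    src, dst = split_fused_ips(h["ips"], known_ips)
    rec = DnsRecord(h["ts"], src, dst, int(h["tid"], 16), "", doh=t["doh"] == "true")
    if t["a_name"]:
        rec.rtype, rec.name, rec.addr = "A", t["a_name"], t["addr"]
    elif t["aaaa_name"]:
        rec.rtype, rec.name = "AAAA", t["aaaa_name"]
    else:
        rec.rtype = "CNAME"
        rec.name, rec.target = split_fused_cname(t["cname"], known_names)
    return rec

def parse_capture(query_rows, response_rows):
    """Queries first: the sandbox->resolver pair splits uniquely there, and the endpoints and
    names learned from them disambiguate the fused response rows."""
    queries = [parse_query(r) for r in query_rows]
    ips = frozenset(ip for q in queries for ip in (q.src, q.dst))
    names = frozenset(q.name for q in queries)
    return queries, [parse_response(r, ips, names) for r in response_rows]

def names_outside(queries, suffixes):
    """Queried names under none of the allowlisted suffixes: what remains after stripping the
    expected browser background traffic, and therefore what deserves a second look."""
    return sorted({q.name for q in queries
                   if not any(q.name == s or q.name.endswith("." + s) for s in suffixes)})
```

Feeding the report's two tables through parse_capture and then names_outside is the quickest way to see that, apart from the well-known sites Firefox's default new-tab page preloads, nothing in this capture was resolved that the browser would not have asked for on its own; a CNAME row whose target appears nowhere else comes back with name and target set to None rather than a guessed split.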
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 21, 2024 11:03:17.055991888 CET | 1.1.1.1 | 192.168.2.6 | 0x7aa4 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.056035995 CET | 1.1.1.1 | 192.168.2.6 | 0xc763 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:17.056035995 CET | 1.1.1.1 | 192.168.2.6 | 0xc763 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.056072950 CET | 1.1.1.1 | 192.168.2.6 | 0xc87b | No error (0) | youtube.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.128518105 CET | 1.1.1.1 | 192.168.2.6 | 0x3606 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.130069971 CET | 1.1.1.1 | 192.168.2.6 | 0xa0a6 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:17.130069971 CET | 1.1.1.1 | 192.168.2.6 | 0xa0a6 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.140563965 CET | 1.1.1.1 | 192.168.2.6 | 0xc084 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:17.140563965 CET | 1.1.1.1 | 192.168.2.6 | 0xc084 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.313201904 CET | 1.1.1.1 | 192.168.2.6 | 0xaa20 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.313236952 CET | 1.1.1.1 | 192.168.2.6 | 0xb42 | No error (0) | youtube.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.313733101 CET | 1.1.1.1 | 192.168.2.6 | 0x1586 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:17.543076038 CET | 1.1.1.1 | 192.168.2.6 | 0x87f7 | No error (0) | youtube.com | | | AAAA (28) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.543138981 CET1.1.1.1192.168.2.60xcdedNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.560547113 CET1.1.1.1192.168.2.60x438aNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.560547113 CET1.1.1.1192.168.2.60x438aNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.560547113 CET1.1.1.1192.168.2.60x438aNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.774180889 CET1.1.1.1192.168.2.60x726aNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.775098085 CET1.1.1.1192.168.2.60xc7f5No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:17.775363922 CET1.1.1.1192.168.2.60x53c1No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.234683990 CET1.1.1.1192.168.2.60x302bNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.465425968 CET1.1.1.1192.168.2.60x2d59No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.681746006 CET1.1.1.1192.168.2.60x5d93No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.682024956 CET1.1.1.1192.168.2.60x20c1No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:18.682024956 CET1.1.1.1192.168.2.60x20c1No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.476650000 CET1.1.1.1192.168.2.60xc4e7No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.476650000 CET1.1.1.1192.168.2.60xc4e7No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:19.491458893 CET1.1.1.1192.168.2.60x631eNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.023545027 CET1.1.1.1192.168.2.60xb0f0No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.250731945 CET1.1.1.1192.168.2.60x3f87No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.461518049 CET1.1.1.1192.168.2.60x8718No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.461518049 CET1.1.1.1192.168.2.60x8718No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.472697973 CET1.1.1.1192.168.2.60x2273No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.473396063 CET1.1.1.1192.168.2.60x4dbfNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.473396063 CET1.1.1.1192.168.2.60x4dbfNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.689030886 CET1.1.1.1192.168.2.60xfd57No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:20.699491024 CET1.1.1.1192.168.2.60x9d04No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.873245001 CET1.1.1.1192.168.2.60x218bNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.873245001 CET1.1.1.1192.168.2.60x218bNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:23.873245001 CET1.1.1.1192.168.2.60x218bNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.029614925 CET1.1.1.1192.168.2.60x1ad2No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:24.516345024 CET1.1.1.1192.168.2.60x83bNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.249052048 CET1.1.1.1192.168.2.60x9adeNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.249052048 CET1.1.1.1192.168.2.60x9adeNo error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:29.251816988 CET1.1.1.1192.168.2.60x528No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.510483980 CET1.1.1.1192.168.2.60x3af9No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.510483980 CET1.1.1.1192.168.2.60x3af9No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512491941 CET1.1.1.1192.168.2.60x84No error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512538910 CET1.1.1.1192.168.2.60x932eNo error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512538910 CET1.1.1.1192.168.2.60x932eNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512538910 CET1.1.1.1192.168.2.60x932eNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.512538910 CET1.1.1.1192.168.2.60x932eNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Type | Class | DNS_AA
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | youtube-ui.l.google.com | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.739588976 CET | 1.1.1.1 | 192.168.2.6 | 0x76a9 | No error (0) | dyna.wikimedia.org | 185.15.59.224 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740348101 CET | 1.1.1.1 | 192.168.2.6 | 0x3112 | No error (0) | star-mini.c10r.facebook.com |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | youtube-ui.l.google.com |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | youtube-ui.l.google.com |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | youtube-ui.l.google.com |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | youtube-ui.l.google.com |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.966006994 CET | 1.1.1.1 | 192.168.2.6 | 0xc9be | No error (0) | dyna.wikimedia.org |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:30.966728926 CET | 1.1.1.1 | 192.168.2.6 | 0x50d9 | No error (0) | twitter.com | 104.244.42.129 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | www.reddit.com | reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:31.196064949 CET | 1.1.1.1 | 192.168.2.6 | 0x9896 | No error (0) | twitter.com | 104.244.42.193 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:42.769459963 CET | 1.1.1.1 | 192.168.2.6 | 0x6512 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.402858019 CET | 1.1.1.1 | 192.168.2.6 | 0x8817 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:44.402858019 CET | 1.1.1.1 | 192.168.2.6 | 0x8817 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.426842928 CET | 1.1.1.1 | 192.168.2.6 | 0x234f | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:44.426842928 CET | 1.1.1.1 | 192.168.2.6 | 0x234f | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.654014111 CET | 1.1.1.1 | 192.168.2.6 | 0xe59 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | services.addons.mozilla.org |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | services.addons.mozilla.org |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | services.addons.mozilla.org |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | services.addons.mozilla.org |  | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:04:14.607718945 CET | 1.1.1.1 | 192.168.2.6 | 0xe8e0 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:04:16.060107946 CET | 1.1.1.1 | 192.168.2.6 | 0xf04c | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:04:16.060107946 CET | 1.1.1.1 | 192.168.2.6 | 0xf04c | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:04:45.356081009 CET | 1.1.1.1 | 192.168.2.6 | 0x9b8c | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
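Most names in this window are Mozilla service domains or sites a fresh Firefox profile contacts on its own (the report attributes the detectportal.firefox.com session to firefox.exe, PID 4540), so an analyst reading a DNS answer table like this one first has to separate browser background noise from resolutions worth attributing to the sample. The following added example, which is not code from the report or from Joe Security, parses rows in the table's ten-column layout (separated by " | " here), groups them by transaction ID, follows each CNAME chain to the addresses actually returned, flags "No error" rows whose answer cell is blank and chains whose A record is owned by a name the CNAME rows never reach, and tags each queried name against two allow-lists. The sample rows are constructed to mirror the table, and the suffix lists, category names and the numeric-type mapping are assumptions made for the example.

```python
"""Triage helper for Joe Sandbox "DNS Answers" rows (added example, not code from the
report or from Joe Security). Assumes the report's ten columns separated by " | ":
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Type | Class | DNS_AA
"""
from dataclasses import dataclass, field

COLUMNS = ["timestamp", "src", "dst", "trans_id", "rcode", "name",
           "answer", "rtype", "rclass", "aa"]
NUMERIC_TYPES = {"1": "A", "5": "CNAME", "28": "AAAA"}   # the report prints AAAA as "28"

# Assumed allow-lists (not from the report): Mozilla service domains, and the default
# New Tab "top sites" a fresh Firefox profile resolves on startup.
FIREFOX_SERVICE_SUFFIXES = ("mozilla.com", "mozilla.org", "mozilla.net",
                            "firefox.com", "mozaws.net", "mozgcp.net")
NEWTAB_TOPSITE_SUFFIXES = ("google.com", "facebook.com", "wikimedia.org",
                           "twitter.com", "reddit.com", "fastly.net")

# Constructed sample rows in the table's layout (not copied verbatim from the report).
SAMPLE_ROWS = """\
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | www.reddit.com | reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | youtube-ui.l.google.com |  | 28 | IN (0x0001) | false
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
"""

@dataclass
class Transaction:
    trans_id: str
    query: str                                      # name in the transaction's first row
    chain: list = field(default_factory=list)       # CNAME targets, in order
    addresses: list = field(default_factory=list)   # rendered A/AAAA answers
    empty_answer: bool = False                      # NOERROR but blank answer cell
    chain_gap: bool = False                         # addresses owned by a name the chain never reaches
    category: str = "review"

def parse_rows(text):
    """Split pipe-delimited rows into dicts and normalise the Type column to A/AAAA/CNAME."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} columns: {line!r}")
        row = dict(zip(COLUMNS, cells))
        rtype = row["rtype"].split(" ")[0]           # "A (IP address)" -> "A"
        row["rtype"] = NUMERIC_TYPES.get(rtype, rtype)
        rows.append(row)
    return rows

def _under(host, suffixes):
    # Label-boundary match, so "evilgoogle.com" is not treated as google.com.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(name):
    host = name.lower().rstrip(".")
    if _under(host, FIREFOX_SERVICE_SUFFIXES):
        return "firefox-service"
    if _under(host, NEWTAB_TOPSITE_SUFFIXES):
        return "newtab-topsite"
    return "review"

def summarize(rows):
    """Group rows by transaction ID, follow the CNAME chain from the queried name
    and collect the addresses the resolver returned for it."""
    by_tid = {}
    for row in rows:
        by_tid.setdefault(row["trans_id"], []).append(row)
    result = []
    for tid, group in by_tid.items():
        tx = Transaction(trans_id=tid, query=group[0]["name"])
        cnames = {r["name"]: r["answer"] for r in group if r["rtype"] == "CNAME"}
        cur = tx.query
        while cur in cnames and cnames[cur] not in tx.chain:    # stop on a loop
            cur = cnames[cur]
            tx.chain.append(cur)
        addr_rows = [r for r in group if r["rtype"] in ("A", "AAAA")]
        tx.addresses = [r["answer"] for r in addr_rows if r["answer"]]
        # Blank answer with "No error": NODATA, or an address the report did not render.
        tx.empty_answer = bool(addr_rows) and not tx.addresses
        owners = {r["name"] for r in addr_rows if r["answer"]}
        tx.chain_gap = bool(tx.chain) and bool(owners) and tx.chain[-1] not in owners
        tx.category = classify(tx.query)
        result.append(tx)
    return result

if __name__ == "__main__":
    for tx in summarize(parse_rows(SAMPLE_ROWS)):
        flags = (" [empty answer]" if tx.empty_answer else "") + (" [chain gap]" if tx.chain_gap else "")
        print(f"{tx.trans_id} {tx.category:15} {tx.query} -> {' -> '.join(tx.chain) or '-'} {tx.addresses}{flags}")
```

Run on the constructed rows, only the rackcdn.com chain lands in the "review" bucket; the detectportal transaction is tagged as a Firefox service but also flagged with a chain gap, because the table shows the CNAME to detectportal.prod.mozaws.net and an A record for prod.detectportal.prod.cloudops.mozgcp.net without the intermediate CNAME that links them. A category is a triage hint, not a verdict: a sample can hide behind the same CDN names a browser uses, so the "review" set is where to start, not where to stop.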
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49735 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 11:03:17.208477974 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Nov 21, 2024 11:03:18.385818005 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Wed, 20 Nov 2024 11:18:31 GMT
  Age: 81887
  Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
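
Triage note on the sessions shown here: every request is Firefox's own captive-portal probe, GET /success.txt?ipv4 to detectportal.firefox.com answered with the 8-byte body "success", and the session below is owned by firefox.exe (PID 4540), not by file.exe. This is browser background noise and should be kept out of the sample's network indicators. The Python below is an added triage example, not part of the Joe Sandbox report or its tooling. It reads rows in the form the listing takes when the report is copied as text (timestamp, byte count, direction and first line run together, e.g. "Nov 21, 2024 11:03:19.598114014 CET305OUTGET /success.txt?ipv4 HTTP/1.1"), pairs each request with its response, and separates known connectivity-probe hosts from traffic that still needs a look. The probe host list is the author's assumption (only detectportal.firefox.com appears in this report; the Windows NCSI hosts are added from general knowledge), and the request to example.com in the embedded sample is constructed to exercise the "review" branch.

```python
"""Triage a Joe Sandbox HTTP traffic listing copied as plain text.

Each row runs the timestamp, byte count, direction and the message's first
line together, e.g.
    Nov 21, 2024 11:03:19.598114014 CET305OUTGET /success.txt?ipv4 HTTP/1.1
followed by one header per line and an optional "Data Ascii: <body>" line.
Session table rows ("Session ID..." and the numeric row after it) are skipped.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})"
    r"(?P<size>\d+)(?P<direction>OUT|IN)(?P<start_line>.+)$"
)

# Hosts that browsers and Windows contact on their own to detect captive
# portals. Assumption by the example author: only the Firefox host is seen in
# this report; the NCSI hosts are Windows' equivalent connectivity check.
PROBE_HOSTS = {
    "detectportal.firefox.com",  # Firefox (seen in this report)
    "www.msftconnecttest.com",   # Windows NCSI
    "www.msftncsi.com",          # Windows NCSI (older)
}


@dataclass
class Message:
    ts: str
    size: int
    direction: str          # "OUT" = sent by the sandbox VM, "IN" = received
    start_line: str         # request line or status line
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Transaction:
    request: Message
    response: Optional[Message] = None

    @property
    def host(self) -> str:
        return self.request.headers.get("Host", "").lower()

    @property
    def status(self) -> Optional[int]:
        if self.response is None:
            return None
        parts = self.response.start_line.split()
        return int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None


def parse_messages(text: str) -> list[Message]:
    """Turn the copied listing into Message objects, ignoring table chrome."""
    messages: list[Message] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            messages.append(Message(m["ts"], int(m["size"]), m["direction"], m["start_line"]))
            continue
        if not messages:
            continue  # session table rows before the first message
        if line.startswith("Data Ascii: "):
            messages[-1].body = line[len("Data Ascii: "):]
        elif line.startswith("Data Raw: "):
            pass  # hex form of the same body; the ASCII line is enough here
        elif ": " in line:
            name, value = line.split(": ", 1)
            messages[-1].headers[name] = value
    return messages


def pair_transactions(messages: list[Message]) -> list[Transaction]:
    """Attach each IN message to the most recent unanswered OUT request."""
    txns: list[Transaction] = []
    for msg in messages:
        if msg.direction == "OUT":
            txns.append(Transaction(msg))
        elif txns and txns[-1].response is None:
            txns[-1].response = msg
    return txns


def classify(txn: Transaction) -> str:
    """'noise' for known connectivity probes, 'review' for anything else."""
    return "noise" if txn.host in PROBE_HOSTS else "review"


def triage(text: str) -> dict:
    """Summarise a listing: how much is probe noise, and what is left to review."""
    txns = pair_transactions(parse_messages(text))
    verdicts = Counter(classify(t) for t in txns)
    review = [(t.host, t.request.start_line, t.status) for t in txns if classify(t) == "review"]
    return {"transactions": len(txns), "noise": verdicts["noise"], "review": review}


# Constructed sample: the Firefox rows are copied (trimmed) from the listing
# above; the request to example.com is made up to exercise the "review" branch.
SAMPLE = """\
Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1192.168.2.64975034.107.221.82804540C:\\Program Files\\Mozilla Firefox\\firefox.exe
TimestampBytes transferredDirectionData
Nov 21, 2024 11:03:19.598114014 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Nov 21, 2024 11:03:20.685151100 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:25.000000000 CET120OUTGET /update.php HTTP/1.1
Host: example.com
Nov 21, 2024 11:03:26.000000000 CET150INHTTP/1.1 404 Not Found
Content-Length: 0
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Pairing is positional (the next IN after an OUT), which matches how this listing is ordered within one session; run it per session block rather than over a whole report concatenated across sessions, or interleaved responses will be attached to the wrong request.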


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49750 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 11:03:19.598114014 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:20.685151100 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47422
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:20.790923119 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:21.105190992 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47422
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:30.287882090 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:30.601948023 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47432
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:32.532304049 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:32.846936941 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47434
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:33.214147091 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:33.528429985 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 47435
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.398058891 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.712496996 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 47436
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.160708904 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:44.476152897 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 47446
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:45.765314102 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:46.081357002 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47447
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:47.258567095 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:47.573082924 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47449
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:03:55.992723942 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:03:56.307394981 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47458
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:04:05.458458900 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:04:05.772994995 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47467
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:04:15.775417089 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 21, 2024 11:04:16.169900894 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 11:04:16.484133005 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 47478
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 11:04:17.434472084 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.749044895 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 47479
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.762386084 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:37.890644073 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.979661942 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:47.294392109 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 47509
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:57.306303978 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:05:07.435841084 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:05:17.557277918 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49751 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 11:03:19.598252058 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:20.775091887 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81889
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 11:03:23.684149981 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:24.018027067 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81892
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.471613884 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:30.805439949 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81899
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:32.628591061 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:32.961587906 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81901
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.059089899 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:34.391825914 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81903
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:03:43.817053080 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:44.150191069 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81912
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 11:03:45.428658009 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:45.761529922 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81914
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 11:03:46.921108961 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:47.255635023 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81916
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 11:03:55.656687021 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:03:55.989659071 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81924
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 11:04:05.122148991 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 11:04:05.455348969 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 11:18:31 GMT
Age: 81934
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.458947897 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:15.833816051 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:16.166733980 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81945
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.098212957 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:17.431346893 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81946
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:27.439296961 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:37.567406893 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.642787933 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:46.975492001 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 11:18:31 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 81975
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:04:56.989860058 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:05:07.119302988 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 11:05:17.240719080 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:

Target ID: 0
Start time: 05:03:07
Start date: 21/11/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x680000
File size: 922'624 bytes
MD5 hash: A946E9443C4FBB7CBFBCA8667C099696
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 05:03:08
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0xf70000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 05:03:08
Start date: 21/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 05:03:10
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0xf70000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 05:03:10
Start date: 21/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 05:03:10
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM msedge.exe /T
Imagebase: 0xf70000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:10
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:10
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf70000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:10
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:11
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xf70000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:11
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                                                                                                                              Start time:05:03:11
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:05:03:11
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff66e660000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:05:03:11
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:05:03:12
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f1fe9-29b5-44a7-92d0-ccc1cf2e6846} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2b926f310 socket
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:05:03:14
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3424 -parentBuildID 20230927232528 -prefsHandle 3656 -prefMapHandle 3416 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1945997-5213-478c-a830-2cea8a37ed43} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2cb764f10 rdd
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:19
Start time:05:03:19
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {526b2fdc-0c3a-45ce-a3ce-77acb2c614cf} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1f2d1852510 utility
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:2.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.7%
Total number of Nodes:1580
Total number of Limit Nodes:54
CloseHandle 95524->95529 95525->95524 95564 6f0175 95526->95564 95527->95523 95532 70b4d2 CloseHandle 95527->95532 95581 6f09d9 34 API calls 95528->95581 95529->95528 95532->95526 95534 70b486 95582 70b536 25 API calls 95534->95582 95536->95517 95536->95518 95538 687522 95537->95538 95539 687525 95537->95539 95560 687620 95538->95560 95540 68755b 95539->95540 95541 68752d 95539->95541 95543 6c50f6 95540->95543 95544 68756d 95540->95544 95551 6c500f 95540->95551 95583 6a51c6 26 API calls 95541->95583 95586 6a5183 26 API calls 95543->95586 95584 69fb21 51 API calls 95544->95584 95545 68753d 95550 69fddb 22 API calls 95545->95550 95548 6c510e 95548->95548 95552 687547 95550->95552 95554 69fe0b 22 API calls 95551->95554 95555 6c5088 95551->95555 95553 689cb3 22 API calls 95552->95553 95553->95538 95557 6c5058 95554->95557 95585 69fb21 51 API calls 95555->95585 95556 69fddb 22 API calls 95558 6c507f 95556->95558 95557->95556 95559 689cb3 22 API calls 95558->95559 95559->95555 95561 68762a _wcslen 95560->95561 95562 69fe0b 22 API calls 95561->95562 95563 68763f 95562->95563 95563->95463 95587 6f030f 95564->95587 95568 68b578 95567->95568 95569 68b57f 95567->95569 95568->95569 95600 6a62d1 39 API calls _strftime 95568->95600 95569->95451 95571 68b5c2 95571->95451 95572->95485 95573->95492 95574->95483 95575->95493 95576->95502 95577->95512 95578->95503 95579->95514 95580->95536 95581->95534 95582->95527 95583->95545 95584->95545 95585->95543 95586->95548 95588 6f0329 95587->95588 95589 6f0321 CloseHandle 95587->95589 95590 6f032e CloseHandle 95588->95590 95591 6f0336 95588->95591 95589->95588 95590->95591 95592 6f033b CloseHandle 95591->95592 95593 6f0343 95591->95593 95592->95593 95594 6f0348 CloseHandle 95593->95594 95595 6f0350 95593->95595 95594->95595 95596 6f035d 95595->95596 95597 6f0355 CloseHandle 95595->95597 95598 6f017d 95596->95598 95599 6f0362 CloseHandle 95596->95599 95597->95596 95598->95240 95599->95598 95600->95571 95602 68aceb 23 API calls 95601->95602 
95603 712af3 95602->95603 95604 712b1d 95603->95604 95605 712aff 95603->95605 95607 686b57 22 API calls 95604->95607 95606 687510 53 API calls 95605->95606 95608 712b0c 95606->95608 95609 712b1b 95607->95609 95608->95609 95610 68a8c7 22 API calls 95608->95610 95609->95419 95610->95609 95612 6edbdc GetFileAttributesW 95611->95612 95613 6edc06 95611->95613 95612->95613 95614 6edbe8 FindFirstFileW 95612->95614 95613->95424 95614->95613 95615 6edbf9 FindClose 95614->95615 95615->95613 95616->95437 95618 68ae01 95617->95618 95621 68ae1c messages 95617->95621 95619 68aec9 22 API calls 95618->95619 95620 68ae09 CharUpperBuffW 95619->95620 95620->95621 95621->95252 95623 68acae 95622->95623 95624 68acd1 95623->95624 95649 6f359c 82 API calls __wsopen_s 95623->95649 95624->95278 95627 6cfadb 95626->95627 95628 68ad92 95626->95628 95629 69fddb 22 API calls 95628->95629 95630 68ad99 95629->95630 95650 68adcd 95630->95650 95633->95279 95634->95279 95635->95256 95636->95295 95637->95271 95638->95295 95639->95295 95640->95278 95641->95278 95642->95278 95643->95278 95644->95278 95645->95288 95646->95295 95647->95293 95648->95295 95649->95624 95653 68addd 95650->95653 95651 68adb6 95651->95278 95652 69fddb 22 API calls 95652->95653 95653->95651 95653->95652 95654 68a961 22 API calls 95653->95654 95655 68adcd 22 API calls 95653->95655 95656 68a8c7 22 API calls 95653->95656 95654->95653 95655->95653 95656->95653 95657->95318 95658->95318 95659->95324 95660->95324 95661->95320 95662->95324 95664 6edf02 95663->95664 95665 6edf19 95664->95665 95668 6edf1f 95664->95668 95672 6a63b2 GetStringTypeW _strftime 95664->95672 95673 6a62fb 39 API calls _strftime 95665->95673 95668->95353 95669->95353 95670->95353 95671->95353 95672->95664 95673->95668 95674 6c2402 95677 681410 95674->95677 95678 6c24b8 DestroyWindow 95677->95678 95679 68144f mciSendStringW 95677->95679 95692 6c24c4 95678->95692 95680 68146b 95679->95680 95681 6816c6 95679->95681 95682 681479 95680->95682 95680->95692 
95681->95680 95683 6816d5 UnregisterHotKey 95681->95683 95710 68182e 95682->95710 95683->95681 95685 6c2509 95691 6c251c FreeLibrary 95685->95691 95693 6c252d 95685->95693 95686 6c24d8 95686->95692 95716 686246 CloseHandle 95686->95716 95687 6c24e2 FindClose 95687->95692 95690 68148e 95690->95693 95697 68149c 95690->95697 95691->95685 95692->95685 95692->95686 95692->95687 95694 6c2541 VirtualFree 95693->95694 95699 681509 95693->95699 95694->95693 95695 6814f8 CoUninitialize 95695->95699 95696 6c2589 95702 6c2598 messages 95696->95702 95717 6f32eb 6 API calls messages 95696->95717 95697->95695 95699->95696 95700 681514 95699->95700 95714 681944 VirtualFreeEx CloseHandle 95700->95714 95706 6c2627 95702->95706 95718 6e64d4 22 API calls messages 95702->95718 95704 68153a 95704->95702 95705 68161f 95704->95705 95705->95706 95707 68166d 95705->95707 95706->95706 95707->95706 95715 681876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95707->95715 95709 6816c1 95711 68183b 95710->95711 95712 681480 95711->95712 95719 6e702a 22 API calls 95711->95719 95712->95685 95712->95690 95714->95704 95715->95709 95716->95686 95717->95696 95718->95702 95719->95711 95720 681098 95725 6842de 95720->95725 95724 6810a7 95726 68a961 22 API calls 95725->95726 95727 6842f5 GetVersionExW 95726->95727 95728 686b57 22 API calls 95727->95728 95729 684342 95728->95729 95730 6893b2 22 API calls 95729->95730 95744 684378 95729->95744 95731 68436c 95730->95731 95733 6837a0 22 API calls 95731->95733 95732 68441b GetCurrentProcess IsWow64Process 95734 684437 95732->95734 95733->95744 95735 68444f LoadLibraryA 95734->95735 95736 6c3824 GetSystemInfo 95734->95736 95737 68449c GetSystemInfo 95735->95737 95738 684460 GetProcAddress 95735->95738 95740 684476 95737->95740 95738->95737 95739 684470 GetNativeSystemInfo 95738->95739 95739->95740 95742 68447a FreeLibrary 95740->95742 95743 68109d 95740->95743 95741 6c37df 95742->95743 95745 6a00a3 29 API calls __onexit 95743->95745 
95744->95732 95744->95741 95745->95724 95746 6a03fb 95747 6a0407 ___DestructExceptionObject 95746->95747 95775 69feb1 95747->95775 95749 6a040e 95750 6a0561 95749->95750 95753 6a0438 95749->95753 95805 6a083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95750->95805 95752 6a0568 95798 6a4e52 95752->95798 95764 6a0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95753->95764 95786 6b247d 95753->95786 95760 6a0457 95762 6a04d8 95794 6a0959 95762->95794 95764->95762 95801 6a4e1a 38 API calls 3 library calls 95764->95801 95766 6a04de 95767 6a04f3 95766->95767 95802 6a0992 GetModuleHandleW 95767->95802 95769 6a04fa 95769->95752 95770 6a04fe 95769->95770 95771 6a0507 95770->95771 95803 6a4df5 28 API calls _abort 95770->95803 95804 6a0040 13 API calls 2 library calls 95771->95804 95774 6a050f 95774->95760 95776 69feba 95775->95776 95807 6a0698 IsProcessorFeaturePresent 95776->95807 95778 69fec6 95808 6a2c94 10 API calls 3 library calls 95778->95808 95780 69fecb 95781 69fecf 95780->95781 95809 6b2317 95780->95809 95781->95749 95784 69fee6 95784->95749 95788 6b2494 95786->95788 95787 6a0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95789 6a0451 95787->95789 95788->95787 95789->95760 95790 6b2421 95789->95790 95792 6b2450 95790->95792 95791 6a0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95793 6b2479 95791->95793 95792->95791 95793->95764 95860 6a2340 95794->95860 95797 6a097f 95797->95766 95862 6a4bcf 95798->95862 95801->95762 95802->95769 95803->95771 95804->95774 95805->95752 95807->95778 95808->95780 95813 6bd1f6 95809->95813 95812 6a2cbd 8 API calls 3 library calls 95812->95781 95814 6bd20f 95813->95814 95815 6bd213 95813->95815 95831 6a0a8c 95814->95831 95815->95814 95819 6b4bfb 95815->95819 95817 69fed8 
95817->95784 95817->95812 95820 6b4c07 ___DestructExceptionObject 95819->95820 95838 6b2f5e EnterCriticalSection 95820->95838 95822 6b4c0e 95839 6b50af 95822->95839 95824 6b4c1d 95830 6b4c2c 95824->95830 95852 6b4a8f 29 API calls 95824->95852 95827 6b4c27 95853 6b4b45 GetStdHandle GetFileType 95827->95853 95828 6b4c3d __fread_nolock 95828->95815 95854 6b4c48 LeaveCriticalSection _abort 95830->95854 95832 6a0a97 IsProcessorFeaturePresent 95831->95832 95833 6a0a95 95831->95833 95835 6a0c5d 95832->95835 95833->95817 95859 6a0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95835->95859 95837 6a0d40 95837->95817 95838->95822 95840 6b50bb ___DestructExceptionObject 95839->95840 95841 6b50c8 95840->95841 95842 6b50df 95840->95842 95856 6af2d9 20 API calls __dosmaperr 95841->95856 95855 6b2f5e EnterCriticalSection 95842->95855 95845 6b50cd 95857 6b27ec 26 API calls pre_c_initialization 95845->95857 95847 6b5117 95858 6b513e LeaveCriticalSection _abort 95847->95858 95848 6b50d7 __fread_nolock 95848->95824 95849 6b50eb 95849->95847 95851 6b5000 __wsopen_s 21 API calls 95849->95851 95851->95849 95852->95827 95853->95830 95854->95828 95855->95849 95856->95845 95857->95848 95858->95848 95859->95837 95861 6a096c GetStartupInfoW 95860->95861 95861->95797 95863 6a4bdb IsInExceptionSpec 95862->95863 95864 6a4be2 95863->95864 95865 6a4bf4 95863->95865 95901 6a4d29 GetModuleHandleW 95864->95901 95886 6b2f5e EnterCriticalSection 95865->95886 95868 6a4be7 95868->95865 95902 6a4d6d GetModuleHandleExW 95868->95902 95869 6a4c99 95890 6a4cd9 95869->95890 95873 6a4c70 95877 6a4c88 95873->95877 95882 6b2421 _abort 5 API calls 95873->95882 95875 6a4ce2 95910 6c1d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 95875->95910 95876 6a4cb6 95893 6a4ce8 95876->95893 95883 6b2421 _abort 5 API calls 95877->95883 95878 6a4bfb 95878->95869 95878->95873 95887 6b21a8 
95878->95887 95882->95877 95883->95869 95886->95878 95911 6b1ee1 95887->95911 95930 6b2fa6 LeaveCriticalSection 95890->95930 95892 6a4cb2 95892->95875 95892->95876 95931 6b360c 95893->95931 95896 6a4d16 95899 6a4d6d _abort 8 API calls 95896->95899 95897 6a4cf6 GetPEB 95897->95896 95898 6a4d06 GetCurrentProcess TerminateProcess 95897->95898 95898->95896 95900 6a4d1e ExitProcess 95899->95900 95901->95868 95903 6a4dba 95902->95903 95904 6a4d97 GetProcAddress 95902->95904 95906 6a4dc9 95903->95906 95907 6a4dc0 FreeLibrary 95903->95907 95905 6a4dac 95904->95905 95905->95903 95908 6a0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95906->95908 95907->95906 95909 6a4bf3 95908->95909 95909->95865 95914 6b1e90 95911->95914 95913 6b1f05 95913->95873 95915 6b1e9c ___DestructExceptionObject 95914->95915 95922 6b2f5e EnterCriticalSection 95915->95922 95917 6b1eaa 95923 6b1f31 95917->95923 95921 6b1ec8 __fread_nolock 95921->95913 95922->95917 95926 6b1f59 95923->95926 95927 6b1f51 95923->95927 95924 6a0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95925 6b1eb7 95924->95925 95929 6b1ed5 LeaveCriticalSection _abort 95925->95929 95926->95927 95928 6b29c8 _free 20 API calls 95926->95928 95927->95924 95928->95927 95929->95921 95930->95892 95932 6b3631 95931->95932 95933 6b3627 95931->95933 95938 6b2fd7 5 API calls 2 library calls 95932->95938 95935 6a0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95933->95935 95936 6a4cf2 95935->95936 95936->95896 95936->95897 95937 6b3648 95937->95933 95938->95937 95939 68105b 95944 68344d 95939->95944 95941 68106a 95975 6a00a3 29 API calls __onexit 95941->95975 95943 681074 95945 68345d __wsopen_s 95944->95945 95946 68a961 22 API calls 95945->95946 95947 683513 95946->95947 95948 683a5a 24 API 
calls 95947->95948 95949 68351c 95948->95949 95976 683357 95949->95976 95952 6833c6 22 API calls 95953 683535 95952->95953 95954 68515f 22 API calls 95953->95954 95955 683544 95954->95955 95956 68a961 22 API calls 95955->95956 95957 68354d 95956->95957 95958 68a6c3 22 API calls 95957->95958 95959 683556 RegOpenKeyExW 95958->95959 95960 6c3176 RegQueryValueExW 95959->95960 95964 683578 95959->95964 95961 6c320c RegCloseKey 95960->95961 95962 6c3193 95960->95962 95961->95964 95972 6c321e _wcslen 95961->95972 95963 69fe0b 22 API calls 95962->95963 95965 6c31ac 95963->95965 95964->95941 95967 685722 22 API calls 95965->95967 95966 684c6d 22 API calls 95966->95972 95968 6c31b7 RegQueryValueExW 95967->95968 95969 6c31d4 95968->95969 95971 6c31ee messages 95968->95971 95970 686b57 22 API calls 95969->95970 95970->95971 95971->95961 95972->95964 95972->95966 95973 689cb3 22 API calls 95972->95973 95974 68515f 22 API calls 95972->95974 95973->95972 95974->95972 95975->95943 95977 6c1f50 __wsopen_s 95976->95977 95978 683364 GetFullPathNameW 95977->95978 95979 683386 95978->95979 95980 686b57 22 API calls 95979->95980 95981 6833a4 95980->95981 95981->95952 95982 68defc 95985 681d6f 95982->95985 95984 68df07 95986 681d8c 95985->95986 95987 681f6f 348 API calls 95986->95987 95988 681da6 95987->95988 95989 6c2759 95988->95989 95991 681e36 95988->95991 95992 681dc2 95988->95992 95995 6f359c 82 API calls __wsopen_s 95989->95995 95991->95984 95992->95991 95994 68289a 23 API calls 95992->95994 95994->95991 95995->95991 95996 68dddc 95999 68b710 95996->95999 96000 68b72b 95999->96000 96001 6d00f8 96000->96001 96002 6d0146 96000->96002 96023 68b750 96000->96023 96005 6d0102 96001->96005 96007 6d010f 96001->96007 96001->96023 96052 7058a2 348 API calls 2 library calls 96002->96052 96050 705d33 348 API calls 96005->96050 96022 68ba20 96007->96022 96051 7061d0 348 API calls 2 library calls 96007->96051 96010 69d336 40 API calls 96010->96023 96013 68bbe0 40 API calls 96013->96023 96014 
6d03d9 96014->96014 96016 68ba4e 96018 6d0322 96054 705c0c 82 API calls 96018->96054 96022->96016 96055 6f359c 82 API calls __wsopen_s 96022->96055 96023->96010 96023->96013 96023->96016 96023->96018 96023->96022 96026 68aceb 23 API calls 96023->96026 96027 68ec40 348 API calls 96023->96027 96028 68a8c7 22 API calls 96023->96028 96030 69ee53 96023->96030 96034 69e5ca 96023->96034 96043 68a81b 41 API calls 96023->96043 96044 69d2f0 40 API calls 96023->96044 96045 69a01b 348 API calls 96023->96045 96046 6a0242 5 API calls __Init_thread_wait 96023->96046 96047 69edcd 22 API calls 96023->96047 96048 6a00a3 29 API calls __onexit 96023->96048 96049 6a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96023->96049 96053 6df6bf 23 API calls 96023->96053 96026->96023 96027->96023 96028->96023 96031 69ee70 96030->96031 96033 69eeb8 96030->96033 96031->96033 96056 6f359c 82 API calls __wsopen_s 96031->96056 96033->96023 96039 69e5fa 96034->96039 96035 69e70e 96035->96023 96036 69e5ca 348 API calls 96036->96039 96037 69e710 96037->96035 96068 6f359c 82 API calls __wsopen_s 96037->96068 96039->96035 96039->96036 96039->96037 96040 68ec40 348 API calls 96039->96040 96042 68aceb 23 API calls 96039->96042 96057 6904f0 96039->96057 96040->96039 96042->96039 96043->96023 96044->96023 96045->96023 96046->96023 96047->96023 96048->96023 96049->96023 96050->96007 96051->96022 96052->96023 96053->96023 96054->96022 96055->96014 96056->96033 96060 690502 96057->96060 96058 6905c0 96058->96039 96059 69050b 96059->96058 96062 69fddb 22 API calls 96059->96062 96060->96059 96069 69a732 22 API calls 96060->96069 96063 690629 96062->96063 96064 69fddb 22 API calls 96063->96064 96065 690632 96064->96065 96066 689cb3 22 API calls 96065->96066 96067 690641 96066->96067 96067->96039 96068->96035 96069->96059 96070 68f7bf 96071 68f7d3 96070->96071 96072 68fcb6 96070->96072 96074 68fcc2 96071->96074 96075 69fddb 22 API calls 96071->96075 96073 68aceb 23 API calls 96072->96073 
96073->96074 96076 68aceb 23 API calls 96074->96076 96077 68f7e5 96075->96077 96079 68fd3d 96076->96079 96077->96074 96078 68f83e 96077->96078 96077->96079 96081 691310 348 API calls 96078->96081 96083 68ed9d messages 96078->96083 96107 6f1155 22 API calls 96079->96107 96084 68ec76 messages 96081->96084 96082 6d4beb 96111 6f359c 82 API calls __wsopen_s 96082->96111 96084->96082 96084->96083 96086 68fef7 96084->96086 96088 68f3ae messages 96084->96088 96089 6d4600 96084->96089 96090 6d4b0b 96084->96090 96091 68a8c7 22 API calls 96084->96091 96097 6a0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96084->96097 96098 68fbe3 96084->96098 96099 68a961 22 API calls 96084->96099 96102 6a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96084->96102 96103 6a00a3 29 API calls pre_c_initialization 96084->96103 96104 69fddb 22 API calls 96084->96104 96105 6901e0 348 API calls 2 library calls 96084->96105 96106 6906a0 41 API calls messages 96084->96106 96086->96083 96092 68a8c7 22 API calls 96086->96092 96088->96083 96108 6f359c 82 API calls __wsopen_s 96088->96108 96089->96083 96095 68a8c7 22 API calls 96089->96095 96109 6f359c 82 API calls __wsopen_s 96090->96109 96091->96084 96092->96083 96095->96083 96097->96084 96098->96083 96098->96088 96100 6d4bdc 96098->96100 96099->96084 96110 6f359c 82 API calls __wsopen_s 96100->96110 96102->96084 96103->96084 96104->96084 96105->96084 96106->96084 96107->96083 96108->96083 96109->96083 96110->96082 96111->96083 96112 6d3f75 96123 69ceb1 96112->96123 96114 6d3f8b 96115 6d4006 96114->96115 96132 69e300 23 API calls 96114->96132 96117 68bf40 348 API calls 96115->96117 96119 6d4052 96117->96119 96118 6d3fe6 96118->96119 96133 6f1abf 22 API calls 96118->96133 96121 6d4a88 96119->96121 96134 6f359c 82 API calls __wsopen_s 96119->96134 96124 69cebf 96123->96124 96125 69ced2 96123->96125 96128 68aceb 23 API calls 96124->96128 96126 69cf05 
96125->96126 96127 69ced7 96125->96127 96130 68aceb 23 API calls 96126->96130 96129 69fddb 22 API calls 96127->96129 96131 69cec9 96128->96131 96129->96131 96130->96131 96131->96114 96132->96118 96133->96115 96134->96121 96135 681033 96140 684c91 96135->96140 96139 681042 96141 68a961 22 API calls 96140->96141 96142 684cff 96141->96142 96148 683af0 96142->96148 96145 684d9c 96146 681038 96145->96146 96151 6851f7 22 API calls __fread_nolock 96145->96151 96147 6a00a3 29 API calls __onexit 96146->96147 96147->96139 96152 683b1c 96148->96152 96151->96145 96153 683b0f 96152->96153 96154 683b29 96152->96154 96153->96145 96154->96153 96155 683b30 RegOpenKeyExW 96154->96155 96155->96153 96156 683b4a RegQueryValueExW 96155->96156 96157 683b80 RegCloseKey 96156->96157 96158 683b6b 96156->96158 96157->96153 96158->96157 96159 683156 96162 683170 96159->96162 96163 683187 96162->96163 96164 6831eb 96163->96164 96165 68318c 96163->96165 96203 6831e9 96163->96203 96167 6c2dfb 96164->96167 96168 6831f1 96164->96168 96169 683199 96165->96169 96170 683265 PostQuitMessage 96165->96170 96166 6831d0 DefWindowProcW 96173 68316a 96166->96173 96217 6818e2 10 API calls 96167->96217 96174 6831f8 96168->96174 96175 68321d SetTimer RegisterWindowMessageW 96168->96175 96171 6c2e7c 96169->96171 96172 6831a4 96169->96172 96170->96173 96220 6ebf30 34 API calls ___scrt_fastfail 96171->96220 96178 6c2e68 96172->96178 96179 6831ae 96172->96179 96182 6c2d9c 96174->96182 96183 683201 KillTimer 96174->96183 96175->96173 96180 683246 CreatePopupMenu 96175->96180 96177 6c2e1c 96218 69e499 42 API calls 96177->96218 96207 6ec161 96178->96207 96185 6c2e4d 96179->96185 96186 6831b9 96179->96186 96180->96173 96188 6c2dd7 MoveWindow 96182->96188 96189 6c2da1 96182->96189 96190 6830f2 Shell_NotifyIconW 96183->96190 96185->96166 96219 6e0ad7 22 API calls 96185->96219 96192 6831c4 96186->96192 96193 683253 96186->96193 96187 6c2e8e 96187->96166 96187->96173 96188->96173 96194 6c2dc6 SetFocus 96189->96194 96195 
6c2da7 96189->96195 96196 683214 96190->96196 96192->96166 96204 6830f2 Shell_NotifyIconW 96192->96204 96215 68326f 44 API calls ___scrt_fastfail 96193->96215 96194->96173 96195->96192 96198 6c2db0 96195->96198 96214 683c50 DeleteObject DestroyWindow 96196->96214 96216 6818e2 10 API calls 96198->96216 96201 683263 96201->96173 96203->96166 96205 6c2e41 96204->96205 96206 683837 49 API calls 96205->96206 96206->96203 96208 6ec179 ___scrt_fastfail 96207->96208 96209 6ec276 96207->96209 96210 683923 24 API calls 96208->96210 96209->96173 96212 6ec1a0 96210->96212 96211 6ec25f KillTimer SetTimer 96211->96209 96212->96211 96213 6ec251 Shell_NotifyIconW 96212->96213 96213->96211 96214->96173 96215->96201 96216->96173 96217->96177 96218->96192 96219->96203 96220->96187 96221 682e37 96222 68a961 22 API calls 96221->96222 96223 682e4d 96222->96223 96300 684ae3 96223->96300 96225 682e6b 96226 683a5a 24 API calls 96225->96226 96227 682e7f 96226->96227 96228 689cb3 22 API calls 96227->96228 96229 682e8c 96228->96229 96230 684ecb 94 API calls 96229->96230 96231 682ea5 96230->96231 96232 682ead 96231->96232 96233 6c2cb0 96231->96233 96237 68a8c7 22 API calls 96232->96237 96234 6f2cf9 80 API calls 96233->96234 96235 6c2cc3 96234->96235 96236 6c2ccf 96235->96236 96238 684f39 68 API calls 96235->96238 96241 684f39 68 API calls 96236->96241 96239 682ec3 96237->96239 96238->96236 96314 686f88 22 API calls 96239->96314 96243 6c2ce5 96241->96243 96242 682ecf 96244 689cb3 22 API calls 96242->96244 96330 683084 22 API calls 96243->96330 96245 682edc 96244->96245 96315 68a81b 41 API calls 96245->96315 96247 682eec 96250 689cb3 22 API calls 96247->96250 96249 6c2d02 96331 683084 22 API calls 96249->96331 96252 682f12 96250->96252 96316 68a81b 41 API calls 96252->96316 96253 6c2d1e 96255 683a5a 24 API calls 96253->96255 96256 6c2d44 96255->96256 96332 683084 22 API calls 96256->96332 96257 682f21 96260 68a961 22 API calls 96257->96260 96259 6c2d50 96261 68a8c7 22 API calls 96259->96261 
96262 682f3f 96260->96262 96263 6c2d5e 96261->96263 96317 683084 22 API calls 96262->96317 96333 683084 22 API calls 96263->96333 96265 682f4b 96318 6a4a28 40 API calls 3 library calls 96265->96318 96268 6c2d6d 96272 68a8c7 22 API calls 96268->96272 96269 682f59 96269->96243 96270 682f63 96269->96270 96319 6a4a28 40 API calls 3 library calls 96270->96319 96273 6c2d83 96272->96273 96334 683084 22 API calls 96273->96334 96274 682f6e 96274->96249 96276 682f78 96274->96276 96320 6a4a28 40 API calls 3 library calls 96276->96320 96277 6c2d90 96279 682f83 96279->96253 96280 682f8d 96279->96280 96321 6a4a28 40 API calls 3 library calls 96280->96321 96282 682f98 96283 682fdc 96282->96283 96322 683084 22 API calls 96282->96322 96283->96268 96284 682fe8 96283->96284 96284->96277 96324 6863eb 22 API calls 96284->96324 96286 682fbf 96288 68a8c7 22 API calls 96286->96288 96290 682fcd 96288->96290 96289 682ff8 96325 686a50 22 API calls 96289->96325 96323 683084 22 API calls 96290->96323 96293 683006 96326 6870b0 23 API calls 96293->96326 96297 683021 96298 683065 96297->96298 96327 686f88 22 API calls 96297->96327 96328 6870b0 23 API calls 96297->96328 96329 683084 22 API calls 96297->96329 96301 684af0 __wsopen_s 96300->96301 96302 686b57 22 API calls 96301->96302 96303 684b22 96301->96303 96302->96303 96313 684b58 96303->96313 96335 684c6d 96303->96335 96305 684c6d 22 API calls 96305->96313 96306 689cb3 22 API calls 96308 684c52 96306->96308 96307 689cb3 22 API calls 96307->96313 96309 68515f 22 API calls 96308->96309 96311 684c5e 96309->96311 96310 68515f 22 API calls 96310->96313 96311->96225 96312 684c29 96312->96306 96312->96311 96313->96305 96313->96307 96313->96310 96313->96312 96314->96242 96315->96247 96316->96257 96317->96265 96318->96269 96319->96274 96320->96279 96321->96282 96322->96286 96323->96283 96324->96289 96325->96293 96326->96297 96327->96297 96328->96297 96329->96297 96330->96249 96331->96253 96332->96259 96333->96268 96334->96277 96336 68aec9 22 API calls 
96335->96336 96337 684c78 96336->96337 96337->96303

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0068430D
  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
• GetCurrentProcess.KERNEL32(?,0071CB64,00000000,?,?), ref: 00684422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00684429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00684454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00684466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00684474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0068447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 006844A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: c91dd854e035c234d456bd22eab27ba5686f11e2fef1d240ed1c65172f5139a4
• Instruction ID: 03007709734ee9a610d2abbdb395f7f20a39ebb12bd08b347d80978a36b9fbb2
• Opcode Fuzzy Hash: c91dd854e035c234d456bd22eab27ba5686f11e2fef1d240ed1c65172f5139a4
• Instruction Fuzzy Hash: 5AA1E26190A3D0DFC712D769B8607E43FE6AF26347B88C99CD04193B22D6AC4909CB2D

Control-flow Graph
(graph image not reproduced; legend: Executed / Not Executed)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006850AA,?,?,00000000,00000000), ref: 006842B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006850AA,?,?,00000000,00000000), ref: 006842C9
• LoadResource.KERNEL32(?,00000000,?,?,006850AA,?,?,00000000,00000000,?,?,?,?,?,?,00684F20), ref: 006C35BE
• SizeofResource.KERNEL32(?,00000000,?,?,006850AA,?,?,00000000,00000000,?,?,?,?,?,?,00684F20), ref: 006C35D3
• LockResource.KERNEL32(006850AA,?,?,006850AA,?,?,00000000,00000000,?,?,?,?,?,?,00684F20,?), ref: 006C35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 0102e3df0fb72a0d17e21b59f7f930ce7ba8dc4a7469cd44bf65f32a9586d866
• Instruction ID: ccdff9ff1a1ab8212e5a08288cb3a93d0591f86c1c4641460288be6173a025fa
• Opcode Fuzzy Hash: 0102e3df0fb72a0d17e21b59f7f930ce7ba8dc4a7469cd44bf65f32a9586d866
• Instruction Fuzzy Hash: 57117C74244705BFD7229BA9DC49FA77BBAFFC9B55F108269F402D6290DB71D9008620

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00682B6B
  • Part of subcall function 00683A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00751418,?,00682E7F,?,?,?,00000000), ref: 00683A78
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00742224), ref: 006C2C10
• ShellExecuteW.SHELL32(00000000,?,?,00742224), ref: 006C2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 1dc5e1f2b66db72880297035fbe2f44228b456dc8c80658a100f0859ce34a3ce
• Instruction ID: a8439e180628baded3c8f5cc600c548a4c09ef6ab6a2142d82b403d9c9518caf
• Opcode Fuzzy Hash: 1dc5e1f2b66db72880297035fbe2f44228b456dc8c80658a100f0859ce34a3ce
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 921106711083826BC745FF60D861EFE77A69F90745F44562CF442121E3CF688A0A871A

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1446 6ed4dc-6ed524 CreateToolhelp32Snapshot Process32FirstW call 6edef7 1449 6ed5d2-6ed5d5 1446->1449 1450 6ed5db-6ed5ea CloseHandle 1449->1450 1451 6ed529-6ed538 Process32NextW 1449->1451 1451->1450 1452 6ed53e-6ed5ad call 68a961 * 2 call 689cb3 call 68525f call 68988f call 686350 call 69ce60 1451->1452 1467 6ed5af-6ed5b1 1452->1467 1468 6ed5b7-6ed5be 1452->1468 1469 6ed5b3-6ed5b5 1467->1469 1470 6ed5c0-6ed5cd call 68988f * 2 1467->1470 1468->1470 1469->1468 1469->1470 1470->1449
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 006ED501
                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 006ED50F
                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 006ED52F
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 006ED5DC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9ed1387e257f9aeddf95dfc347adb56bfa1fc7be70a57f7d40aec61e15a73ca7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fb71c7647dcf16acebb56400883eefa49c4e5946e8ac8b345e8c878e755fec1c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ed1387e257f9aeddf95dfc347adb56bfa1fc7be70a57f7d40aec61e15a73ca7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C731C2710083409FD305EF94C885ABFBBF9EF99354F14492DF581872A1EB719A48CBA2

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1474 6edbbe-6edbda lstrlenW 1475 6edbdc-6edbe6 GetFileAttributesW 1474->1475 1476 6edc06 1474->1476 1477 6edbe8-6edbf7 FindFirstFileW 1475->1477 1478 6edc09-6edc0d 1475->1478 1476->1478 1477->1476 1479 6edbf9-6edc04 FindClose 1477->1479 1479->1478
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,006C5222), ref: 006EDBCE
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 006EDBDD
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 006EDBEE
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 006EDBFA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 74d9ea3209eb2d3ab18e531f7747aa9c9070bec710cbf5d056959b65c16aed6b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e7de7eaa15886040c6c3a23e9a8cd28199c7d4366476fab866590d193a45648b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74d9ea3209eb2d3ab18e531f7747aa9c9070bec710cbf5d056959b65c16aed6b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90F0EC704516145792216BBC9C0D4EA376DAE013B4B20C702F435C11F0FBB45D55C5DA
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(006B28E9,?,006A4CBE,006B28E9,007488B8,0000000C,006A4E15,006B28E9,00000002,00000000,?,006B28E9), ref: 006A4D09
                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,006A4CBE,006B28E9,007488B8,0000000C,006A4E15,006B28E9,00000002,00000000,?,006B28E9), ref: 006A4D10
                                                                                                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 006A4D22
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: c22e8b9a9000b8ba71152632b535d1fd8559fa834f3884c53b15784df386b360
• Instruction ID: b406e248f3bb425735b701ba3e575254f86e84845290b986b0becceb081ff4e3
• Opcode Fuzzy Hash: c22e8b9a9000b8ba71152632b535d1fd8559fa834f3884c53b15784df386b360
• Instruction Fuzzy Hash: 1BE0B671040148ABCF12BF98DD09A987B6AEF82785B10C018FD159A262DB79DE42DF98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: BuffCharUpper
• String ID: p#u
• API String ID: 3964851224-896942992
• Opcode ID: c6dc14f420533d6c52836f91faed8b15a84500a0b74c645bb6d0884195fdff19
• Instruction ID: 82d3c156409c47033414f303127b3ec7fb8a22e76e59e25c137012101be7d7f5
• Opcode Fuzzy Hash: c6dc14f420533d6c52836f91faed8b15a84500a0b74c645bb6d0884195fdff19
• Instruction Fuzzy Hash: 1EA27E70A08301DFDB50DF14C490B6ABBE2BF89314F14896EE9999B352D771EC45CBA2

Control-flow Graph (graph image and raw basic-block edge list omitted; the function's API calls are listed under APIs below)

APIs
• _wcslen.LIBCMT ref: 0070B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0070B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0070B1D4
• _wcslen.LIBCMT ref: 0070B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0070B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0070B236
• _wcslen.LIBCMT ref: 0070B332
  • Part of subcall function 006F05A7: GetStdHandle.KERNEL32(000000F6), ref: 006F05C6
• _wcslen.LIBCMT ref: 0070B34B
• _wcslen.LIBCMT ref: 0070B366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0070B3B6
• GetLastError.KERNEL32(00000000), ref: 0070B407
• CloseHandle.KERNEL32(?), ref: 0070B439
• CloseHandle.KERNEL32(00000000), ref: 0070B44A
• CloseHandle.KERNEL32(00000000), ref: 0070B45C
• CloseHandle.KERNEL32(00000000), ref: 0070B46E
• CloseHandle.KERNEL32(?), ref: 0070B4E3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: cd12ff9877e70464ea8d46022a91e58ce864726317abc71c6848a288dd4547eb
• Instruction ID: c23c2f26682a4d8d4ae458152030af4bd3925adae1b14bd0a3cc290025daf15e
• Opcode Fuzzy Hash: cd12ff9877e70464ea8d46022a91e58ce864726317abc71c6848a288dd4547eb
• Instruction Fuzzy Hash: 96F1AA31608340DFCB54EF24C881B6ABBE6AF85314F18865DF8959B2E2DB35ED40CB56
APIs
• GetInputState.USER32 ref: 0068D807
• timeGetTime.WINMM ref: 0068DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0068DB28
• TranslateMessage.USER32(?), ref: 0068DB7B
• DispatchMessageW.USER32(?), ref: 0068DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0068DB9F
• Sleep.KERNELBASE(0000000A), ref: 0068DBB1
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7fbcc5332b600a6624cbe13f6a62a6a2b56653944eee6109d6c8c82b80042317
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 09339ec761c5e60ea284f1c41392520b28c3709695ae065ff4da5354ef67de94
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fbcc5332b600a6624cbe13f6a62a6a2b56653944eee6109d6c8c82b80042317
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91421270A04342EFDB28DF24C854BAAB7E2BF85314F14861EE455873D1D7B4E845CBA6

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00682D07
• RegisterClassExW.USER32(00000030), ref: 00682D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00682D42
• InitCommonControlsEx.COMCTL32(?), ref: 00682D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00682D6F
• LoadIconW.USER32(000000A9), ref: 00682D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00682D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 404704ec6e62e094d3b83298098f0a2448ff4ea1b84758e92bbaf4b452f986ee
• Instruction ID: 0455614db46a02fd7d0524005c0c4b0e3a32c314638c4e48cae1cbe0c69bfa6e
• Opcode Fuzzy Hash: 404704ec6e62e094d3b83298098f0a2448ff4ea1b84758e92bbaf4b452f986ee
• Instruction Fuzzy Hash: A721E2B5941348AFDB01DFE8EC59BDDBBB4FB08702F00C11AE511A62A0D7B955408F98

Control-flow Graph

APIs
• Part of subcall function 006C039A: CreateFileW.KERNELBASE(00000000,00000000,?,006C0704,?,?,00000000,?,006C0704,00000000,0000000C), ref: 006C03B7
• GetLastError.KERNEL32 ref: 006C076F
• __dosmaperr.LIBCMT ref: 006C0776
• GetFileType.KERNELBASE(00000000), ref: 006C0782
• GetLastError.KERNEL32 ref: 006C078C
• __dosmaperr.LIBCMT ref: 006C0795
• CloseHandle.KERNEL32(00000000), ref: 006C07B5
• CloseHandle.KERNEL32(?), ref: 006C08FF
• GetLastError.KERNEL32 ref: 006C0931
• __dosmaperr.LIBCMT ref: 006C0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 6392303719a2a502249abab792254a8bf3f6ca2fce85956f1c025b1737d663be
• Instruction ID: 4dbbc3dd5e9b3ff4bc1ebf8d374a68f153fbe8297af5046b599b793f935279a9
• Opcode Fuzzy Hash: 6392303719a2a502249abab792254a8bf3f6ca2fce85956f1c025b1737d663be
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8A10332A042148FEF19AFA8D851BFE7BA2EB06320F14415DF8159B3D1DB359D12CB96

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

APIs
  • Part of subcall function 00683A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00751418,?,00682E7F,?,?,?,00000000), ref: 00683A78
  • Part of subcall function 00683357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00683379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0068356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006C318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006C31CE
• RegCloseKey.ADVAPI32(?), ref: 006C3210
• _wcslen.LIBCMT ref: 006C3277
• _wcslen.LIBCMT ref: 006C3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 3c5c75c96c022a2961df89ac5d07c328021dc82232a81d3646855f4efe7a7a76
• Instruction ID: 5b270269ea124f57cfb9b874b0add0cc5367983e896ced56b0aa2a3f3ea2e2c7
• Opcode Fuzzy Hash: 3c5c75c96c022a2961df89ac5d07c328021dc82232a81d3646855f4efe7a7a76
• Instruction Fuzzy Hash: DA71C1714043019EC744EF69DC81DEBBBE9FF86340F40852EF545932A1EBB89A49CB69

Control-flow Graph (image not included in this export)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00682B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00682B9D
• LoadIconW.USER32(00000063), ref: 00682BB3
• LoadIconW.USER32(000000A4), ref: 00682BC5
• LoadIconW.USER32(000000A2), ref: 00682BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00682BEF
• RegisterClassExW.USER32(?), ref: 00682C40
  • Part of subcall function 00682CD4: GetSysColorBrush.USER32(0000000F), ref: 00682D07
  • Part of subcall function 00682CD4: RegisterClassExW.USER32(00000030), ref: 00682D31
  • Part of subcall function 00682CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00682D42
  • Part of subcall function 00682CD4: InitCommonControlsEx.COMCTL32(?), ref: 00682D5F
  • Part of subcall function 00682CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00682D6F
  • Part of subcall function 00682CD4: LoadIconW.USER32(000000A9), ref: 00682D85
  • Part of subcall function 00682CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00682D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 1893e7a651f1eb87fe5f9533d0816182c54d0cdeb21afc98aaa9b74ae726f736
• Instruction ID: 00ec3528a74c410600b2a09a7380e4366caa4b4fe976b2095e341994b1c4a08d
• Opcode Fuzzy Hash: 1893e7a651f1eb87fe5f9533d0816182c54d0cdeb21afc98aaa9b74ae726f736
• Instruction Fuzzy Hash: 01214C70E40314ABDB119FE9EC65BE97FB5FB08B52F40C15AE500A66A0D3F90940CF98
APIs
• __Init_thread_footer.LIBCMT ref: 0068BB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                • String ID: p#u$p#u$p#u$p#u$p%u$p%u$x#u$x#u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1385522511-2462287179
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 774309ef60233665b212a4139d88b507fe2dcee49d550834efa3684f9ffc5a5d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b700f23bc226425743200dea2bb466d73fbec0b2b3b6a4cf060b5520a3559b10
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 774309ef60233665b212a4139d88b507fe2dcee49d550834efa3684f9ffc5a5d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F832AC70A002099FEF24EF54C894BFEB7BAEF45300F15815AE905AB351D7B8AD42CB95

Control-flow Graph

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0068316A,?,?), ref: 006831D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0068316A,?,?), ref: 00683204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00683227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0068316A,?,?), ref: 00683232
• CreatePopupMenu.USER32 ref: 00683246
• PostQuitMessage.USER32(00000000), ref: 00683267
Strings
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 3bb409a0dc314d2d5706bd819689b2feca1169c9fe9f9493673fdba5a84f8cd3
• Instruction ID: a40f94fd151cc07d7db4c7640d12b4db22ab0e00cba066a172afd933302a0ef7
• Opcode Fuzzy Hash: 3bb409a0dc314d2d5706bd819689b2feca1169c9fe9f9493673fdba5a84f8cd3
• Instruction Fuzzy Hash: 69413831240364A7DB153B789C2DBFD3A1BEB05F42F448329F942863E1C7E9AB418769

Control-flow Graph

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00681459
• CoUninitialize.COMBASE ref: 006814F8
• UnregisterHotKey.USER32(?), ref: 006816DD
• DestroyWindow.USER32(?), ref: 006C24B9
• FreeLibrary.KERNEL32(?), ref: 006C251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 006C254B
Strings
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: a13b31ecc6e4820a622bf079e2106cdab57a7bf4cf0f93a9b1badd9b108257c9
• Instruction ID: 3cb73a4e159b3208e569a821b3f26afdec0a37dd8a5356f2cede13885dfa0eda
• Opcode Fuzzy Hash: a13b31ecc6e4820a622bf079e2106cdab57a7bf4cf0f93a9b1badd9b108257c9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CCD168717012128FCB29EF15C4A5F69F7AABF06700F1482ADE84AAB251DB30AD53CF54

Control-flow Graph
• Single basic block 682c63-682cd3: CreateWindowExW x2, ShowWindow x2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00682C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00682CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00681CAD,?), ref: 00682CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00681CAD,?), ref: 00682CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 12c8a15061a3f6f0c31873d53f7f2bf6de98c298f405d574e1617146f43ef064
• Instruction ID: b0d1abf1c315df023011bb5be8fde395be666c819bd7634f2afc3c129e76acf7
• Opcode Fuzzy Hash: 12c8a15061a3f6f0c31873d53f7f2bf6de98c298f405d574e1617146f43ef064
• Instruction Fuzzy Hash: 51F03A755803907AEB310757AC28FF72EBDD7C6F62F41801AF900A25B0C2A91840DAB8

Control-flow Graph
Basic blocks and their successors, recovered from the graph description:
• 683b1c-683b27 -> 683b99-683b9b, 683b29-683b2e
• 683b29-683b2e -> 683b99-683b9b, 683b30-683b48
• 683b30-683b48 (RegOpenKeyExW) -> 683b99-683b9b, 683b4a-683b69
• 683b4a-683b69 (RegQueryValueExW) -> 683b6b-683b76, 683b80-683b8b
• 683b6b-683b76 -> 683b78-683b7a, 683b90-683b97
• 683b78-683b7a -> 683b7e
• 683b90-683b97 -> 683b7e
• 683b7e -> 683b80-683b8b
• 683b80-683b8b (RegCloseKey) -> 683b8c-683b8f
• 683b99-683b9b -> 683b8c-683b8f
• 683b8c-683b8f (no successors listed)
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00683B0F,SwapMouseButtons,00000004,?), ref: 00683B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00683B0F,SwapMouseButtons,00000004,?), ref: 00683B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00683B0F,SwapMouseButtons,00000004,?), ref: 00683B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: dc6fa97ccd0aa397b0a09ae92208407972b137899b0fec1bd83ff00c1a5af8ee
• Instruction ID: 7fc0e6970e72ea67262ef8a6b687360939489244675a79f74c57dc3c92d6502b
• Opcode Fuzzy Hash: dc6fa97ccd0aa397b0a09ae92208407972b137899b0fec1bd83ff00c1a5af8ee
• Instruction Fuzzy Hash: 68112AB5510218FFDB21DFA9DC44AEEB7B9EF24B84B108559A805D7210E2319F409764
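The two function listings above (the "AutoIt v3" window creation and the HKEY_CURRENT_USER\Control Panel\Mouse read) are printed by Joe Sandbox as `API.MODULE(args), ref: address` lines, and the argument list is a raw dump of the stack: it runs past the API's documented parameters, so the trailing `SwapMouseButtons,00000004` in the RegOpenKeyExW line belongs to the caller's frame (it is the value name the following RegQueryValueExW will use), not to RegOpenKeyExW. The Python below is an added triage example, not code from the Joe Sandbox report, the analysed sample or AutoIt; it parses such lines into calls, truncates the arguments to the documented parameter count, decodes the registry root handle and access mask and the WS_* window-style bits, and flags the "AutoIt v3" window class, which is the AutoIt interpreter's own hidden main window and therefore a runtime fingerprint rather than behaviour of the embedded script. The `PARAM_COUNT`, `HKEY`, `KEY_RIGHTS` and `WS_STYLES` tables are hand-written subsets assumed for the example, and the `SAMPLE_LINES` are copied from the listings above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: "APIs" lines copied from the function listings in this report. The
# sandbox prints raw stack slots after the real parameters ("?" is an unresolved slot), and
# the "Part of subcall" line has a different shape that the parser deliberately skips.
SAMPLE_LINES = [
    "CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,"
    "00000064,00000000,00000000,00000000,00000001), ref: 00682C91",
    "CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,"
    "00000000,00000000,00000001,00000000), ref: 00682CB2",
    "RegOpenKeyExW.KERNELBASE(80000001,Control Panel\\Mouse,00000000,00000001,00000000,?,?,"
    "80000001,80000001,?,00683B0F,SwapMouseButtons,00000004,?), ref: 00683B40",
    "Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A",
]

LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>[A-Za-z0-9_]+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented parameter counts (hypothetical table, extend as needed); extra stack values are dropped.
PARAM_COUNT = {"RegOpenKeyExW": 5, "RegQueryValueExW": 6, "RegCloseKey": 1,
               "CreateWindowExW": 12, "ShowWindow": 2}

HKEY = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
        0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS", 0x80000005: "HKEY_CURRENT_CONFIG"}
KEY_RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK",
              0x20000: "READ_CONTROL"}
# WS_CAPTION (0xC00000) is listed so it is consumed before its component bits WS_BORDER/WS_DLGFRAME.
WS_STYLES = {0x40000000: "WS_CHILD", 0x10000000: "WS_VISIBLE", 0x00C00000: "WS_CAPTION",
             0x00800000: "WS_BORDER", 0x00400000: "WS_DLGFRAME", 0x00200000: "WS_VSCROLL",
             0x00100000: "WS_HSCROLL", 0x00080000: "WS_SYSMENU", 0x00040000: "WS_THICKFRAME",
             0x00020000: "WS_MINIMIZEBOX", 0x00010000: "WS_MAXIMIZEBOX"}


def decode_flags(value, table):
    """Split a bitmask into known flag names (largest/composite first) and the undecoded residue."""
    names, rest = [], value
    for bit, name in sorted(table.items(), key=lambda kv: -kv[0]):
        if rest & bit == bit:
            names.append(name)
            rest &= ~bit
    return names, rest


def parse_arg(text):
    # Eight hex digits are treated as a DWORD; anything else (strings, "?") stays as text.
    return int(text, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", text) else text


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int
    notes: list = field(default_factory=list)


def annotate(call):
    a = call.args
    if call.api == "RegOpenKeyExW" and len(a) >= 4:
        root = HKEY.get(a[0], hex(a[0]) if isinstance(a[0], int) else str(a[0]))
        rights, rest = decode_flags(a[3], KEY_RIGHTS) if isinstance(a[3], int) else ([], 0)
        call.notes.append(f"opens {root}\\{a[1]} with " + " | ".join(rights + ([hex(rest)] if rest else [])))
    elif call.api == "CreateWindowExW" and len(a) >= 4:
        cls, title, style = a[1], a[2], a[3]
        names, rest = decode_flags(style, WS_STYLES) if isinstance(style, int) else ([], 0)
        tail = f" | class-specific 0x{rest:04X}" if rest else ""
        call.notes.append(f"creates window class={cls!r} title={title!r} style=" + " | ".join(names) + tail)
        if cls == "AutoIt v3":
            call.notes.append("AutoIt runtime's own hidden main window: interpreter fingerprint, not script logic")


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = [s.strip() for s in m.group("args").split(",")]
    n = PARAM_COUNT.get(m.group("api"), len(raw))
    call = Call(m.group("api"), m.group("module"), [parse_arg(s) for s in raw[:n]], int(m.group("ref"), 16))
    annotate(call)
    return call


def triage(lines):
    """Parse every well-formed API line and return the annotated calls in order."""
    return [c for c in (parse_line(l) for l in lines) if c is not None]


if __name__ == "__main__":
    for c in triage(SAMPLE_LINES):
        print(f"{c.ref:08X} {c.api}.{c.module}: " + "; ".join(c.notes))
```

Run on the sample, the first CreateWindowExW decodes its style 0x00CF0000 to the WS_OVERLAPPEDWINDOW components and is flagged as the interpreter window, the "edit" child decodes to WS_CHILD | WS_VISIBLE | WS_BORDER | WS_VSCROLL | WS_HSCROLL plus an undecoded class-specific 0x08C4 (ES_* bits the table does not cover), and the registry call reduces to "opens HKEY_CURRENT_USER\Control Panel\Mouse with KEY_QUERY_VALUE". The subcall line is skipped rather than mis-parsed. The residue field matters in practice: an unexpected residue is how you notice a table is incomplete instead of silently mislabelling a call.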
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006C33A2
  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00683A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 4429140ab6d28aa22025af398f38ccc6131c45a8a23bfaf578571d838860d26f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 700451bf4fcd6cdbfdcd614b86ebd6319f4caa4f4551030cd0a8c36d8fdbadae
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4429140ab6d28aa22025af398f38ccc6131c45a8a23bfaf578571d838860d26f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6431E571408360AFC765FB10DC55BEB77D9AB40711F008A1EF59982291EBB49A49C7CA
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 006C2C8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00682DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00682DC4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X$`et
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 779396738-3861162649
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d00ec17c91cd80fd247b4b7b3607f113ac76f335f604c083815bcf1386d5150b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5a585316b719435a48a1b82d78126e051bae23ef10c5536e9564edd82dc1430a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d00ec17c91cd80fd247b4b7b3607f113ac76f335f604c083815bcf1386d5150b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7721D570A002989FCF41EF98C819BEE7BFAAF49715F00805DE405B7341DBB85A498F65
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 006A0668
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A32A4: RaiseException.KERNEL32(?,?,?,006A068A,?,00751444,?,?,?,?,?,?,006A068A,00681129,00748738,00681129), ref: 006A3304
                                                                                                                                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 006A0685
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 52521aeee389f686b9da07e25f47094579523a4b1c04b9e97b36b4caacec36c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fbf286206d50bce1ea8a6168bb88f19ab08a9082e13122331d5915444cf655ae
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52521aeee389f686b9da07e25f47094579523a4b1c04b9e97b36b4caacec36c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31F0FF2490020C638F40B6A4D846CAE776E5E02344B604039B814C2A92EF71EE2ACD85
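The per-function "APIs" entries above follow one line format (`Function.MODULE(args), ref: address`, optionally prefixed with `Part of subcall function XXXX:` and occasionally without an argument list). When triaging many Joe Sandbox reports it helps to parse these lines into records rather than read them by eye. The following parser is an added example, not part of the Joe Sandbox report or the Joe Sandbox tooling; the sample input is copied from the entries on this page, and the virtual-key table it uses to name the `MapVirtualKeyW` arguments is standard Win32 (`VK_LWIN` = 0x5B, `VK_SHIFT` = 0x10, `VK_LSHIFT` = 0xA0, `VK_RSHIFT` = 0xA1, `VK_CONTROL` = 0x11, `VK_MENU` = 0x12). The function and class names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One "APIs" line of a Joe Sandbox function record, for example:
#   • GetOpenFileNameW.COMDLG32(?), ref: 006C2C8C
#   • Part of subcall function 00683AA2: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00682DC4
#   • OleInitialize.OLE32 ref: 00681388            (no argument list, no comma)
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 virtual-key codes seen in this report's MapVirtualKeyW calls (standard values).
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
}


@dataclass
class ApiCall:
    func: str                 # imported function name, e.g. MapVirtualKeyW
    module: str               # module Joe Sandbox resolved it to, e.g. USER32
    args: List[str]           # raw argument tokens; "?" means not resolved by the sandbox
    ref: int                  # address of the call site in the dump
    subcall: Optional[int]    # address of the callee when the call is "Part of subcall function"


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one bullet line; return None for lines that are not API entries."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw_args = m.group("args")
    args = [a.strip() for a in raw_args.split(",")] if raw_args is not None else []
    sub = m.group("subcall")
    return ApiCall(
        func=m.group("func"),
        module=m.group("module"),
        args=args,
        ref=int(m.group("ref"), 16),
        subcall=int(sub, 16) if sub is not None else None,
    )


def parse_api_block(text: str) -> List[ApiCall]:
    """Parse every API entry in a block of report text, skipping headings and dump lines."""
    calls = (parse_api_line(line) for line in text.splitlines())
    return [c for c in calls if c is not None]


def decode_vk(call: ApiCall) -> Optional[str]:
    """Name the virtual-key code passed as the first argument of a MapVirtualKeyW call."""
    if call.func != "MapVirtualKeyW" or not call.args or call.args[0] == "?":
        return None
    code = int(call.args[0], 16)
    return VK_NAMES.get(code, "VK_0x%02X" % code)


def calls_by_module(calls: List[ApiCall]) -> Dict[str, List[str]]:
    """Group function names by module, keeping first-seen order and dropping repeats."""
    grouped: Dict[str, List[str]] = {}
    for c in calls:
        names = grouped.setdefault(c.module, [])
        if c.func not in names:
            names.append(c.func)
    return grouped


# Constructed sample: entries copied from the function records on this page.
SAMPLE = """\
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 006C2C8C
  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
  • Part of subcall function 00682DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00682DC4
• __CxxThrowException@8.LIBVCRUNTIME ref: 006A0668
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00681BF4
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0068136A
• OleInitialize.OLE32 ref: 00681388
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
"""

if __name__ == "__main__":
    for call in parse_api_block(SAMPLE):
        vk = decode_vk(call)
        print("%08X %-24s %-12s %s" % (call.ref, call.func, call.module, vk or ""))
```

The regex deliberately treats the argument list as optional, because entries such as `OleInitialize.OLE32 ref: 00681388` carry none, and it stops at the first `)` so the `ref:` address is never swallowed into the arguments. Unresolved arguments stay as the literal `?` so a later pass can tell "sandbox could not resolve" apart from a real zero.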
APIs
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00681BF4
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00681BFC
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00681C07
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00681C12
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00681C1A
  • Part of subcall function 00681BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00681C22
  • Part of subcall function 00681B4A: RegisterWindowMessageW.USER32(00000004,?,006812C4), ref: 00681BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0068136A
• OleInitialize.OLE32 ref: 00681388
• CloseHandle.KERNEL32(00000000,00000000), ref: 006C24AB
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 7c9015d1890d87a7ba49fc51ba19634737338ab5e670df19e226973942298e58
• Instruction ID: be6e43ac798b6de16ed2d14b18aac24540b2b9ec5316046d6a13fa84fdc07657
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c9015d1890d87a7ba49fc51ba19634737338ab5e670df19e226973942298e58
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9271B9B49013408EC785EFB9A8457E53AE5AB88357394C62ED40ACB361FBB85865CF4C
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00683923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00683A04
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006EC259
                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?), ref: 006EC261
                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006EC270
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: aa01388502ecada831c018b574755fd8276b9ae054c240f7956cad25d9002470
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0141c17e2bad181feadc4d59d2b1e6da340db3e48473f53560bd59ed1abf634f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa01388502ecada831c018b574755fd8276b9ae054c240f7956cad25d9002470
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD31F570905384AFEB329F748855BEBBBEE9F06314F00409EE2DA93281C3745B86CB55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,00000000,?,?,006B85CC,?,00748CC8,0000000C), ref: 006B8704
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,006B85CC,?,00748CC8,0000000C), ref: 006B870E
                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 006B8739
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 287a73a1cd3eee8b16844aa7451954e0bcc94e74c74d72334128a2881dc88396
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f30fd18cc831fe3244617fcc198c4e22e9d3d058593280e8453e762c535ab93b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 287a73a1cd3eee8b16844aa7451954e0bcc94e74c74d72334128a2881dc88396
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 910148B26042302EC6A07274A8457EE278F4B92778F39011DE8158B3D2FEA48CC1C398
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0068DB7B
                                                                                                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 0068DB89
                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0068DB9F
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(0000000A), ref: 0068DBB1
                                                                                                                                                                                                                                                                                                                                                                                • TranslateAcceleratorW.USER32(?,?,?), ref: 006D1CC9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3288985973-0
• Opcode ID: 3702e339bba422f0201bbd7040d896fb464df71742bafabd9a72c808d8c6be67
• Instruction ID: eb8ea16d1772830cfb188685e27a62bfa097aae90cdd654c3184c27d77b4c952
• Opcode Fuzzy Hash: 3702e339bba422f0201bbd7040d896fb464df71742bafabd9a72c808d8c6be67
• Instruction Fuzzy Hash: C9F082706443409BEB30DBA4CC49FEA73BEEF45311F508A19E61AC71C0DBB8A448CB29
APIs
• __Init_thread_footer.LIBCMT ref: 006917F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 398e2619482ef05ef81a7f26680401fb37c91f28ae5f2d3bbe5d199b80081f51
• Instruction ID: 13e96f984b6014a2f35beaac65bdb42f55060bd0b1cd48037526a262c75b402d
• Opcode Fuzzy Hash: 398e2619482ef05ef81a7f26680401fb37c91f28ae5f2d3bbe5d199b80081f51
• Instruction Fuzzy Hash: 9C22AEB0608302DFCB14DF14C480A6ABBFABF8A314F25895EF4968B761D771E845CB52
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00683908
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: a65dccc41e0e8ede5d4f8eddc26fc21f0c6a499a114e0bd260dd8fc8bb08e79b
• Instruction ID: 5c5a0fab43825b98f08d75d0ff3b0819a3fb4882d7363d33c97921f70b054e78
• Opcode Fuzzy Hash: a65dccc41e0e8ede5d4f8eddc26fc21f0c6a499a114e0bd260dd8fc8bb08e79b
• Instruction Fuzzy Hash: 7631F5B06043118FD760EF24C8947D7BBE8FB49709F004A2EF99983380E7B5AA04CB56
APIs
• timeGetTime.WINMM ref: 0069F661
  • Part of subcall function 0068D730: GetInputState.USER32 ref: 0068D807
• Sleep.KERNEL32(00000000), ref: 006DF2DE
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 44589fd66f978583d4cf9eda854789d2241eb897cb3b3d28f0b9cda3986a3e2f
• Instruction ID: bf199d3ef2337c11dbd61f8849eb41e00fd292389b99819789862c15cc5ad701
• Opcode Fuzzy Hash: 44589fd66f978583d4cf9eda854789d2241eb897cb3b3d28f0b9cda3986a3e2f
• Instruction Fuzzy Hash: C0F082712802059FD350FF69D445B5ABBE9EF45760F004129E959C73A0DB70A800CB99
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0074973351943a9e841a4e7c9a33d79d6dabb14d422723b90f7e65f6bbf96eeb
• Instruction ID: 4227589400f58f71bf673309bc8ace60bedc36036f3a732c4f399e979dc752a5
• Opcode Fuzzy Hash: 0074973351943a9e841a4e7c9a33d79d6dabb14d422723b90f7e65f6bbf96eeb
• Instruction Fuzzy Hash: 9031C571201200DBEA39AF98C441F79F3A3DF41712F284A2FE885DAA52D729AC41DB56
APIs
  • Part of subcall function 00684E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00684EDD,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E9C
  • Part of subcall function 00684E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00684EAE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00684E90: FreeLibrary.KERNEL32(00000000,?,?,00684EDD,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684EC0
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684EFD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00684E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,006C3CDE,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E62
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00684E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00684E74
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00684E59: FreeLibrary.KERNEL32(00000000,?,?,006C3CDE,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E87
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b94b5860ef8bd8c6d2aa62501d9b958f4936467cb94d5946a0460d456d8c68bc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c2d020f0c37eb8dd0c6545dc9ad0c1026f2a57e7f2788d3dcb27901edfd600e2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b94b5860ef8bd8c6d2aa62501d9b958f4936467cb94d5946a0460d456d8c68bc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41112731600306AACB20BF64DC06FED77A7AF80714F10852DF142A61C1EE719E059B58
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e85a8f764a19cd7d7e64a392af8df33984e428e40bce8f687b431b3414ee141b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b0bda766227cc30ddc104f59cdd4807105de4a012e1fd2fc8686b5c13372b552
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e85a8f764a19cd7d7e64a392af8df33984e428e40bce8f687b431b3414ee141b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 031118B590420AAFCF05DF58E941ADA7BF9EF48314F104059FC08AB312DA31DA11CBA5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006B4C7D: RtlAllocateHeap.NTDLL(00000008,00681129,00000000,?,006B2E29,00000001,00000364,?,?,?,006AF2DE,006B3863,00751444,?,0069FDF5,?), ref: 006B4CBE
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B506C
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b5fa9478cb04d0335dfc39c2628bdb206ad2d866f6b8ae371cbdee17925d143f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 440149B22047056BE3319F65D881ADAFBEEFB89370F25051DE185832C0EB30A885C7B4
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,00681129,00000000,?,006B2E29,00000001,00000364,?,?,?,006AF2DE,006B3863,00751444,?,0069FDF5,?), ref: 006B4CBE
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6,?,00681129), ref: 006B3852
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684F6D
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00712A66
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5c17cd5f91fb7ceeacda25da50c75df33e92d62b2458c6179d9a38113b12ee5f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dc039c9b5c523a882bed04714c84796a51085ef479a7db7f77811510c094a66f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c17cd5f91fb7ceeacda25da50c75df33e92d62b2458c6179d9a38113b12ee5f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3CE0DF3238021AAACB50EA34DC808FA735CEF10390710803AAC16C6181EB38E9A282A4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0068314E
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 193bb9daa29e31cb6747718ea81a8a054276af2ac73d7f68059ffa4acabd1a57
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a1a7b373c873fe7a00693fe4196a3c9160614e39b532396411ad06b9c590e656
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 193bb9daa29e31cb6747718ea81a8a054276af2ac73d7f68059ffa4acabd1a57
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43F0A7709043549FEB529B24DC497D57BBCA701709F0040E9A58896291D7B44B88CF45
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00682DC4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b2b3b47a3bfe651ee96f4e7073ce0af5100030e2ab5e3c74f8a48a87dfdc3e7a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 202e67dbfe78a49639da02c2fafcdf743c1ff5cdbfa59d75795795680163c41f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2b3b47a3bfe651ee96f4e7073ce0af5100030e2ab5e3c74f8a48a87dfdc3e7a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6E0CD726002245BC711A298DC05FEA77DDDFC9790F044179FD09D7248D974ED808654
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00683837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00683908
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0068D730: GetInputState.USER32 ref: 0068D807
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00682B6B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0068314E
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3667716007-0
• Opcode ID: 9d4e2e41c749bb70d89cf299762eeda7086f2fdfb9a5c027213712d6bf1e9504
• Instruction ID: f0dcc9376197c4b127d1310c613238588600bba1ae23cb74e30a0a84f5a22928
• Opcode Fuzzy Hash: 9d4e2e41c749bb70d89cf299762eeda7086f2fdfb9a5c027213712d6bf1e9504
• Instruction Fuzzy Hash: 3EE0263130025402CA48BB74A8125FDA34B8BD1756F40573EF142432E2CE684949432A
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,006C0704,?,?,00000000,?,006C0704,00000000,0000000C), ref: 006C03B7
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 730a4fa0e8bb5edd60a9a73984fcd8a6d07451c377e51847b712797358c2a543
• Instruction ID: fff97c8948527b237504153f30b099448a575bc924084ded6a94f3f4c6d6e4d9
• Opcode Fuzzy Hash: 730a4fa0e8bb5edd60a9a73984fcd8a6d07451c377e51847b712797358c2a543
• Instruction Fuzzy Hash: 2AD06C3208010DBBDF028F84DD06EDA3BAAFB48714F018000BE1856060C736E821AB94
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00681CBC
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: fe2a9ac1bab54e171fe8e1be8190f86ae8b5e14498fd5bdbb2ec1fc9154dc104
• Instruction ID: 7d851acf2c5eeebe6ec842ff3c9dd88e4d292314408b905fd831b7bb5bc8617b
• Opcode Fuzzy Hash: fe2a9ac1bab54e171fe8e1be8190f86ae8b5e14498fd5bdbb2ec1fc9154dc104
• Instruction Fuzzy Hash: ADC09B352C03049FF21547C4BC5AF907755A348B02F54C401F609555F3D3E51430D658
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0071961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0071965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0071969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007196C9
• SendMessageW.USER32 ref: 007196F2
• GetKeyState.USER32(00000011), ref: 0071978B
• GetKeyState.USER32(00000009), ref: 00719798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007197AE
• GetKeyState.USER32(00000010), ref: 007197B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007197E9
• SendMessageW.USER32 ref: 00719810
• SendMessageW.USER32(?,00001030,?,00717E95), ref: 00719918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0071992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00719941
• SetCapture.USER32(?), ref: 0071994A
• ClientToScreen.USER32(?,?), ref: 007199AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 007199BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007199D6
• ReleaseCapture.USER32 ref: 007199E1
• GetCursorPos.USER32(?), ref: 00719A19
• ScreenToClient.USER32(?,?), ref: 00719A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00719A80
• SendMessageW.USER32 ref: 00719AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00719AEB
• SendMessageW.USER32 ref: 00719B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00719B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00719B4A
• GetCursorPos.USER32(?), ref: 00719B68
• ScreenToClient.USER32(?,?), ref: 00719B75
• GetParent.USER32(?), ref: 00719B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00719BFA
• SendMessageW.USER32 ref: 00719C2B
• ClientToScreen.USER32(?,?), ref: 00719C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00719CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00719CDE
• SendMessageW.USER32 ref: 00719D01
• ClientToScreen.USER32(?,?), ref: 00719D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00719D82
  • Part of subcall function 00699944: GetWindowLongW.USER32(?,000000EB), ref: 00699952
• GetWindowLongW.USER32(?,000000F0), ref: 00719E05
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F$p#u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3429851547-3412459582
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 513f69d02fde08236b13077898db281eeb735f5975b478b3a02bf999ca2a5d34
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5453cb1be751f384d73e5aeac657b3f1149da63cf48d2439c407c06abb7ff89e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 513f69d02fde08236b13077898db281eeb735f5975b478b3a02bf999ca2a5d34
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D429C30204240EFD725CF68CC54AEABBE5FF88310F148659F699872E1D779E892CB65
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 007148F3
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00714908
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00714927
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0071494B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0071495C
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0071497B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 007149AE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 007149D4
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00714A0F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00714A56
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00714A7E
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00714A97
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00714AF2
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00714B20
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00714B94
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00714BE3
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00714C82
                                                                                                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00714CAE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00714CC9
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00714CF1
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00714D13
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00714D33
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00714D5A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bfffb9a9476c916a4b7fe2549d6e322f4d7543a63a0669f337a34e0686e69cf3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bc22f0db0d4ea8f4b6ce38ebae9331a133f80153887e5ed58d7736afae030595
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfffb9a9476c916a4b7fe2549d6e322f4d7543a63a0669f337a34e0686e69cf3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C812FB71600214ABEB258F68CC49FEE7BF8BF45310F148269F516EA2E1DB789981CB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0069F998
                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006DF474
                                                                                                                                                                                                                                                                                                                                                                                • IsIconic.USER32(00000000), ref: 006DF47D
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 006DF48A
• SetForegroundWindow.USER32(00000000), ref: 006DF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006DF4AA
• GetCurrentThreadId.KERNEL32 ref: 006DF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006DF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 006DF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 006DF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 006DF4DE
• SetForegroundWindow.USER32(00000000), ref: 006DF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006DF4F6
• keybd_event.USER32(00000012,00000000), ref: 006DF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006DF50B
• keybd_event.USER32(00000012,00000000), ref: 006DF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006DF519
• keybd_event.USER32(00000012,00000000), ref: 006DF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006DF528
• keybd_event.USER32(00000012,00000000), ref: 006DF52D
• SetForegroundWindow.USER32(00000000), ref: 006DF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 006DF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 776e55514771509bc1a20d2baeb88ef497068553f4935a54160423b7a40940b3
• Instruction ID: 5fb8e58edb3663eee544262ef28c1ef07da275e7cb7e09d7fec5600d5514e630
• Opcode Fuzzy Hash: 776e55514771509bc1a20d2baeb88ef497068553f4935a54160423b7a40940b3
• Instruction Fuzzy Hash: F0315371E80218BBEB216BF55C4AFFF7E6DEB44B50F108066F601E62D1C6B45D10AAA4
APIs
  • Part of subcall function 006E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006E170D
  • Part of subcall function 006E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006E173A
  • Part of subcall function 006E16C3: GetLastError.KERNEL32 ref: 006E174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 006E1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006E12A8
• CloseHandle.KERNEL32(?), ref: 006E12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006E12D1
• GetProcessWindowStation.USER32 ref: 006E12EA
• SetProcessWindowStation.USER32(00000000), ref: 006E12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006E1310
  • Part of subcall function 006E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006E11FC), ref: 006E10D4
  • Part of subcall function 006E10BF: CloseHandle.KERNEL32(?,?,006E11FC), ref: 006E10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Zt
• API String ID: 22674027-2762121913
• Opcode ID: c6e88b44ef1d16a048e5aeb6d67171e39dcb6ba1efae2eceb68ee37ac81f4203
• Instruction ID: 4a38a4a5903ed8e11c7da53d3cf6fc06652bca6102f09b34e509eecfbb54aa84
• Opcode Fuzzy Hash: c6e88b44ef1d16a048e5aeb6d67171e39dcb6ba1efae2eceb68ee37ac81f4203
• Instruction Fuzzy Hash: B781AE71901389AFDF219FA9DC49FEE7BBAEF05700F148129F910AA2E0C7748945DB24
APIs
  • Part of subcall function 006E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006E1114
  • Part of subcall function 006E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1120
  • Part of subcall function 006E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E112F
  • Part of subcall function 006E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1136
  • Part of subcall function 006E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006E114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006E0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006E0C00
• GetLengthSid.ADVAPI32(?), ref: 006E0C17
• GetAce.ADVAPI32(?,00000000,?), ref: 006E0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006E0C6D
• GetLengthSid.ADVAPI32(?), ref: 006E0C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 006E0C8C
• HeapAlloc.KERNEL32(00000000), ref: 006E0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 006E0CB4
• CopySid.ADVAPI32(00000000), ref: 006E0CBB
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006E0CEA
                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006E0D0C
                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006E0D1E
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0D45
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0D4C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0D55
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0D5C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0D65
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0D6C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 006E0D78
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0D7F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: GetProcessHeap.KERNEL32(00000008,006E0BB1,?,00000000,?,006E0BB1,?), ref: 006E11A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006E0BB1,?), ref: 006E11A8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006E0BB1,?), ref: 006E11B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b47fb3de4a7166ccbc6702fe9c20a1fc610d02d31d2575e133e2d07a1a64b910
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a60f46c00fb552bc5043e4edfb96d5b54cba5c55bd445e0e2bcac6bab1a04b4f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b47fb3de4a7166ccbc6702fe9c20a1fc610d02d31d2575e133e2d07a1a64b910
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D671AC7194134AEBEF11DFE5DC49BEEBBBAFF08300F148115E914A6290D7B8A941CB60
APIs
• OpenClipboard.USER32(0071CC08), ref: 006FEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 006FEB37
• GetClipboardData.USER32(0000000D), ref: 006FEB43
• CloseClipboard.USER32 ref: 006FEB4F
• GlobalLock.KERNEL32(00000000), ref: 006FEB87
• CloseClipboard.USER32 ref: 006FEB91
• GlobalUnlock.KERNEL32(00000000), ref: 006FEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 006FEBC9
• GetClipboardData.USER32(00000001), ref: 006FEBD1
• GlobalLock.KERNEL32(00000000), ref: 006FEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 006FEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 006FEC38
• GetClipboardData.USER32(0000000F), ref: 006FEC44
• GlobalLock.KERNEL32(00000000), ref: 006FEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006FEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006FEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006FECD2
• GlobalUnlock.KERNEL32(00000000), ref: 006FECF3
• CountClipboardFormats.USER32 ref: 006FED14
• CloseClipboard.USER32 ref: 006FED59
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 09107ef8b8288d51f7cb2180a1ae4ea2339f18d2ea6a108b21c4a223adff1b5b
• Instruction ID: 181054a7f8f89288c948444646c324e6ba5df405c5c87f91f41b6325b7cff39b
• Opcode Fuzzy Hash: 09107ef8b8288d51f7cb2180a1ae4ea2339f18d2ea6a108b21c4a223adff1b5b
• Instruction Fuzzy Hash: D361EF342443059FD301EF68C884FBA7BA6AF84704F08851DF556972E2CB36D906CB66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 006F69BE
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 006F6A12
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006F6A4E
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006F6A75
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 006F6AB2
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 006F6ADF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 22dacc361c12060250e5665174494fdb29e985299bbbf3f950145710a3f557c6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1141ea13aa39efdeacf12598595454c3d025a5d25629ad4ebbe3ebc0cd8f178f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22dacc361c12060250e5665174494fdb29e985299bbbf3f950145710a3f557c6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60D16FB2508300AFC754EFA4C881EBBB7EDAF98704F04491DF685D6291EB75DA04CB62
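The API chain in this function (FindFirstFileW, then FileTimeToLocalFileTime and FileTimeToSystemTime) together with the format strings listed under String ID (%4d%02d%02d%02d%02d%02d and the %03d millisecond variant) is the standard Win32 sequence for turning one of the FILETIME fields FindFirstFileW returns in WIN32_FIND_DATAW into a local YYYYMMDDHHMMSS[mmm] string; which of ftCreationTime, ftLastAccessTime or ftLastWriteTime the routine picks is not visible in the list. The Python below is an added example for this report, not code from the sample or from Joe Sandbox: it reproduces that conversion so a raw FILETIME seen in a debugger (the dwLowDateTime/dwHighDateTime pair) can be mapped to the string this routine builds, and parsed back. The UTC bias is an assumed, explicit parameter because the report does not show the sandbox's time zone; FileTimeToLocalFileTime applies the machine's current bias with no historical DST handling, so a bias of 0 reproduces UTC.

```python
from datetime import datetime, timedelta, timezone

# A FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH_AS_FILETIME = 116444736000000000  # 1970-01-01 00:00:00 UTC, a handy reference


def filetime_from_dwords(low: int, high: int) -> int:
    """Join the dwLowDateTime/dwHighDateTime pair of a FILETIME struct
    (as laid out in WIN32_FIND_DATAW) into one unsigned 64-bit tick count."""
    return ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)


def filetime_to_datetime(filetime: int, bias_minutes: int = 0) -> datetime:
    """Equivalent of FileTimeToLocalFileTime followed by FileTimeToSystemTime.

    bias_minutes is an assumed parameter (not shown in the report): the zone
    offset the machine had at run time. FileTimeToLocalFileTime uses the
    *current* bias and applies no historical DST rules; 0 keeps UTC.
    """
    if not 0 <= filetime < 1 << 64:
        raise ValueError("FILETIME is an unsigned 64-bit tick count")
    try:
        # SYSTEMTIME stops at milliseconds, so sub-microsecond ticks are dropped.
        utc = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    except OverflowError as exc:
        raise ValueError("FILETIME is beyond year 9999") from exc
    return utc.astimezone(timezone(timedelta(minutes=bias_minutes)))


def format_filetime(filetime: int, bias_minutes: int = 0, with_ms: bool = False) -> str:
    """Render the value the way the two format strings in the report do:
    '%4d%02d%02d%02d%02d%02d' or, with_ms=True, '%4d%02d%02d%02d%02d%02d%03d'."""
    t = filetime_to_datetime(filetime, bias_minutes)
    s = "%4d%02d%02d%02d%02d%02d" % (t.year, t.month, t.day, t.hour, t.minute, t.second)
    if with_ms:
        s += "%03d" % (t.microsecond // 1000)  # SYSTEMTIME.wMilliseconds
    return s


def parse_formatted(s: str) -> datetime:
    """Reverse the format: 14 digits (no ms) or 17 digits (with ms). The string
    carries no zone information, so a naive datetime is returned."""
    if len(s) not in (14, 17) or not s.isdigit():
        raise ValueError("expected YYYYMMDDHHMMSS or YYYYMMDDHHMMSSmmm")
    ms = int(s[14:]) if len(s) == 17 else 0
    return datetime.strptime(s[:14], "%Y%m%d%H%M%S").replace(microsecond=ms * 1000)


if __name__ == "__main__":
    ft = filetime_from_dwords(0xD53E8000, 0x019DB1DE)  # the Unix epoch as a FILETIME
    print(ft, format_filetime(ft), format_filetime(ft, bias_minutes=-300, with_ms=True))
```

Two details matter when comparing the output with what the sample writes: FILETIME has 100 ns resolution but SYSTEMTIME only milliseconds, so the %03d variant truncates rather than rounds, and the %4d year is never space-padded in practice because the FILETIME epoch is 1601.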
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 006F9663
• GetFileAttributesW.KERNEL32(?), ref: 006F96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 006F96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 006F96D3
• FindClose.KERNEL32(00000000), ref: 006F96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 006F96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 006F974A
• SetCurrentDirectoryW.KERNEL32(00746B7C), ref: 006F9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006F9772
• FindClose.KERNEL32(00000000), ref: 006F977F
• FindClose.KERNEL32(00000000), ref: 006F978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: a8e9e7e98c026d332d18c9e2443ace786fdda2289470387e4354c1f7668ca5bc
• Instruction ID: f1bfec04fcb070c14a971820f83957968b5e925934f050de5babd57dab39a94b
• Opcode Fuzzy Hash: a8e9e7e98c026d332d18c9e2443ace786fdda2289470387e4354c1f7668ca5bc
• Instruction Fuzzy Hash: FC31AE7254021D6ADB15AFF8DC08BEE77ADAF0A321F108155FA15E21A0DB38DE44CA68
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 006F97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 006F9819
• FindClose.KERNEL32(00000000), ref: 006F9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 006F9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 006F9890
• SetCurrentDirectoryW.KERNEL32(00746B7C), ref: 006F98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006F98B8
• FindClose.KERNEL32(00000000), ref: 006F98C5
• FindClose.KERNEL32(00000000), ref: 006F98D5
  • Part of subcall function 006EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006EDB00
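The call lists in this report share one textual shape (Api.MODULE(args), ref: address, with "Part of subcall function" entries indented), and the numeric arguments are Win32 constants worth decoding rather than reading as opaque hex. For the CreateFileW subcall above they decode to: lpFileName unresolved, dwDesiredAccess 0x40000000 = GENERIC_WRITE, dwShareMode 1 = FILE_SHARE_READ, no security attributes, dwCreationDisposition 3 = OPEN_EXISTING, dwFlagsAndAttributes 0x02000080 = FILE_FLAG_BACKUP_SEMANTICS | FILE_ATTRIBUTE_NORMAL, no template file. FILE_FLAG_BACKUP_SEMANTICS is the flag CreateFileW requires to return a handle to a directory, which fits a routine that walks a tree with FindFirstFileW/FindNextFileW and SetCurrentDirectoryW (this function and the previous one have the same walker shape); what is done with the write handle is not visible in this list. The Python below is an added example, not Joe Sandbox or sample code: a parser for these API lines plus a decoder for CreateFileW's arguments, run over the ten lines of the list above copied verbatim. The constant tables are the documented Win32 values; any bit they do not cover is kept as a hex remainder rather than guessed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# One 'APIs' line: optional bullet, optional 'Part of subcall function XXXX:',
# then Api.MODULE(args), then ', ref: address'. _wcslen.LIBCMT has no argument list.
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]       # raw tokens: '?' = unresolved, hex = constant or pointer
    ref: int                    # call-site address in the dump
    subcall_of: Optional[int]   # callee address when listed as 'Part of subcall function'


def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers such as 'APIs' or 'Strings' are not calls
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        subfn = m.group("subfn")
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), int(subfn, 16) if subfn else None))
    return calls


def call_histogram(calls: Sequence[ApiCall]) -> Dict[str, int]:
    return dict(Counter(c.api for c in calls))


# Documented Win32 values for CreateFileW's bitmask and enum arguments.
GENERIC_ACCESS = [("GENERIC_ALL", 0x10000000), ("GENERIC_EXECUTE", 0x20000000),
                  ("GENERIC_WRITE", 0x40000000), ("GENERIC_READ", 0x80000000)]
SHARE_MODE = [("FILE_SHARE_READ", 0x1), ("FILE_SHARE_WRITE", 0x2), ("FILE_SHARE_DELETE", 0x4)]
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAGS_AND_ATTRS = [
    ("FILE_ATTRIBUTE_READONLY", 0x1), ("FILE_ATTRIBUTE_HIDDEN", 0x2),
    ("FILE_ATTRIBUTE_SYSTEM", 0x4), ("FILE_ATTRIBUTE_DIRECTORY", 0x10),
    ("FILE_ATTRIBUTE_ARCHIVE", 0x20), ("FILE_ATTRIBUTE_NORMAL", 0x80),
    ("FILE_ATTRIBUTE_TEMPORARY", 0x100),
    ("FILE_FLAG_OPEN_REPARSE_POINT", 0x00200000), ("FILE_FLAG_POSIX_SEMANTICS", 0x01000000),
    ("FILE_FLAG_BACKUP_SEMANTICS", 0x02000000), ("FILE_FLAG_DELETE_ON_CLOSE", 0x04000000),
    ("FILE_FLAG_SEQUENTIAL_SCAN", 0x08000000), ("FILE_FLAG_RANDOM_ACCESS", 0x10000000),
    ("FILE_FLAG_NO_BUFFERING", 0x20000000), ("FILE_FLAG_OVERLAPPED", 0x40000000),
    ("FILE_FLAG_WRITE_THROUGH", 0x80000000),
]


def decode_flags(value: int, table: Sequence[Tuple[str, int]]) -> List[str]:
    """Name every set bit found in table; bits the table does not cover are
    reported as a hex remainder instead of being silently dropped."""
    names = [name for name, bit in table if value & bit]
    rest = value & ~sum(bit for _, bit in table)
    if rest:
        names.append("0x%08X" % rest)
    return names


def hex_arg(token: str) -> Optional[int]:
    try:
        return int(token, 16)
    except ValueError:
        return None  # '?' (unresolved) or a string literal such as '*.*'


def decode_createfile(call: ApiCall) -> Dict[str, object]:
    if call.api != "CreateFileW" or len(call.args) != 7:
        raise ValueError("expected a CreateFileW call with 7 arguments")
    name, access, share, sa, disp, flags, template = call.args
    access_v, share_v, disp_v, flags_v = (hex_arg(x) for x in (access, share, disp, flags))
    return {
        "lpFileName": name,
        "dwDesiredAccess": decode_flags(access_v, GENERIC_ACCESS) if access_v is not None else access,
        "dwShareMode": decode_flags(share_v, SHARE_MODE) if share_v is not None else share,
        "lpSecurityAttributes": "NULL" if hex_arg(sa) == 0 else sa,
        "dwCreationDisposition": DISPOSITION.get(disp_v, disp) if disp_v is not None else disp,
        "dwFlagsAndAttributes": decode_flags(flags_v, FLAGS_AND_ATTRS) if flags_v is not None else flags,
        "hTemplateFile": "NULL" if hex_arg(template) == 0 else template,
    }


# The ten lines of the API list above, copied verbatim from the report.
REPORT_LINES = """\
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 006F97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 006F9819
• FindClose.KERNEL32(00000000), ref: 006F9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 006F9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 006F9890
• SetCurrentDirectoryW.KERNEL32(00746B7C), ref: 006F98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006F98B8
• FindClose.KERNEL32(00000000), ref: 006F98C5
• FindClose.KERNEL32(00000000), ref: 006F98D5
  • Part of subcall function 006EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006EDB00
"""

if __name__ == "__main__":
    parsed = parse_api_lines(REPORT_LINES)
    print(call_histogram(parsed))
    print(decode_createfile(parsed[-1]))
```

The parser treats every 8-hex-digit token as a number, so a pointer such as 00746B7C (which falls inside the 0x742000 associated region of the dump) decodes the same way as a constant; whether a token is a pointer or a flag value has to come from the API's prototype, which is why decoding is done per API rather than for every argument.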
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 25cea9cabb0e35897e224d09d5b5e7f4f9280fb4ea669a7bc87e64a967e456c4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f3e72ffb7724033a952e21f3cb38a1af9da34bda570ec4141e76841fe2939025
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25cea9cabb0e35897e224d09d5b5e7f4f9280fb4ea669a7bc87e64a967e456c4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9531B27154021D6ADF11EFA8DC48BEE77AEAF06360F108556E920A22D0DB74DE85CE74
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0070B6AE,?,?), ref: 0070C9B5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070C9F1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA68
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070BF3E
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0070BFA9
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0070BFCD
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0070C02C
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0070C0E7
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0070C154
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0070C1E9
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0070C23A
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0070C2E3
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0070C382
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0070C38F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 92cec3ac3f473f7a8bf4bae12fbec4ed4c837bc9e5b8dd6878dd80a6cbf5e8dc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c1380f4b18675ebdca461a3fa5ff85cdd29bdadb057616a6fa707058b9b05807
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92cec3ac3f473f7a8bf4bae12fbec4ed4c837bc9e5b8dd6878dd80a6cbf5e8dc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE024B70604200DFD715DF28C895A2ABBE5AF89304F18C69DF84ADB2A2DB35ED45CB52
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 006F8257
                                                                                                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 006F8267
                                                                                                                                                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006F8273
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006F8310
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F8324
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F8356
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006F838C
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F8395
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f93197ddcb3e73c3ebf40f44cdf2d4b24fe246e12699fc9cda71be6bb003ac90
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c15c390635baa1fbaf3875334fd2abd219b8d265d9678a866a1a5e5094edec42
• Opcode Fuzzy Hash: f93197ddcb3e73c3ebf40f44cdf2d4b24fe246e12699fc9cda71be6bb003ac90
• Instruction Fuzzy Hash: 8C618BB25083099FCB10EF64C8409AEB3EAFF89310F04895DFA9997251DB35E945CB96
APIs
  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
  • Part of subcall function 006EE199: GetFileAttributesW.KERNEL32(?,006ECF95), ref: 006EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006ED122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 006ED1DD
• MoveFileW.KERNEL32(?,?), ref: 006ED1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006ED20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006ED237
  • Part of subcall function 006ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,006ED21C,?,?), ref: 006ED2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 006ED253
• FindClose.KERNEL32(00000000), ref: 006ED264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 0902585264464ed23add295559abe0ca59a0e62b6e64571d3ef5524a3df17f41
• Instruction ID: b2cd0ce01d8d18847a43902222861d4e4dde914a4faf9f7ce1e58250966a27c5
• Opcode Fuzzy Hash: 0902585264464ed23add295559abe0ca59a0e62b6e64571d3ef5524a3df17f41
• Instruction Fuzzy Hash: 1A618D3180624D9FCF05EBE1CA529FDB776AF15300F248169E50277291EB315F09CB65
APIs
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: a0b1104781a6869ed1a5fef97623961cbad1264619c9eec7b6bd3d77de8e66ad
• Instruction ID: 1057ade2d24fa5b5aefec3a72d0bafe5b78393035c3d4ef9a7598ec52381d5de
• Opcode Fuzzy Hash: a0b1104781a6869ed1a5fef97623961cbad1264619c9eec7b6bd3d77de8e66ad
• Instruction Fuzzy Hash: 0C41C035204611AFE311DF59E848BA9BBE2FF44328F14C099E5158BBB2C77AEC41CB94
APIs
  • Part of subcall function 006E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006E170D
  • Part of subcall function 006E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006E173A
  • Part of subcall function 006E16C3: GetLastError.KERNEL32 ref: 006E174A
• ExitWindowsEx.USER32(?,00000000), ref: 006EE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 4d4673074a3f769ee4e996315c053c8abd028115f461b7df998edee084dfcd5e
• Instruction ID: 1ef9ff2afb7198551e7f53c432e7eb979727993499e655ba7bae9b7b7dadfb49
• Opcode Fuzzy Hash: 4d4673074a3f769ee4e996315c053c8abd028115f461b7df998edee084dfcd5e
• Instruction Fuzzy Hash: 20019E72622311ABEB5022BA9C86FFF32DE9704740F144421FC03E71D3E6B65C4081E4
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00701276
• WSAGetLastError.WSOCK32 ref: 00701283
• bind.WSOCK32(00000000,?,00000010), ref: 007012BA
• WSAGetLastError.WSOCK32 ref: 007012C5
• closesocket.WSOCK32(00000000), ref: 007012F4
• listen.WSOCK32(00000000,00000005), ref: 00701303
• WSAGetLastError.WSOCK32 ref: 0070130D
• closesocket.WSOCK32(00000000), ref: 0070133C
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 66049467962ce6e84922a4269644501887bb68f99c844d7eb468dcfce7aa0c51
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1d364d261db0270b241872d0ed1b2639083cede9eea6eb06fc202ab8a5420348
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66049467962ce6e84922a4269644501887bb68f99c844d7eb468dcfce7aa0c51
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43417F71600100DFD710DF68C488B69BBE6BF86318F58C298E9569F2D2C779ED81CBA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006BB9D4
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006BB9F8
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006BBB7F
                                                                                                                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00723700), ref: 006BBB91
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0075121C,000000FF,00000000,0000003F,00000000,?,?), ref: 006BBC09
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00751270,000000FF,?,0000003F,00000000,?), ref: 006BBC36
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006BBD4B
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: edc19a2ffadbd0881c8388c3b07724711ebb99126be0f441cef3e0d374317a0b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a46f259a95fe0ce60131dde7e0c697f3dc18d13af6e5f63a8afefdad3e02a0f9
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edc19a2ffadbd0881c8388c3b07724711ebb99126be0f441cef3e0d374317a0b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DC127F1A04205AFCB20EF69CC51BEE7BAAEF41310F18519EE594D7251EBB08E81C754
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006EE199: GetFileAttributesW.KERNEL32(?,006ECF95), ref: 006EE19A
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 006ED420
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 006ED470
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 006ED481
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 006ED498
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 006ED4A1
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 94ded5dc69b45be65b5cee2f060db0e75f15fd61b133710afcbffde00f69507e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1c01e33d87e1cad05e428493d7f1580bc876e2e344ed3567d53e7b060af4df62
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94ded5dc69b45be65b5cee2f060db0e75f15fd61b133710afcbffde00f69507e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 103170710093859BC345FFA4C8558EF77E9BEA1300F448A1DF4D1522D1EB34AA09C767
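The three "APIs" listings above are the raw material behind two of the report's behaviour signatures: the bind/listen chain in the WSOCK32 function is what "Contains functionality to open a port and listen for incoming connection" is derived from, and the FindFirstFileW/DeleteFileW/FindNextFileW loop with the `\*.*` string is a wildcard delete over a directory. The GetTimeZoneInformation/WideCharToMultiByte/_free block in between is the kind of runtime housekeeping that should not trigger anything. The script below is an added example, not Joe Sandbox's code: it parses the listing format as it appears on this page (`• name.MODULE(args), ref: ADDR`, with nested `Part of subcall function` entries and `$`-joined `String ID` values), reconstructs each function's direct call chain, and tags it with the two behaviours using an ordered-subsequence match. The rule table, the decision to ignore subcall entries when matching, and the backlog/addrlen decoding are my own choices; the sample input is constructed from the report's lines.

```python
"""Tag behaviours from Joe Sandbox 'APIs' call listings (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# One call line: optional "Part of subcall function <addr>:" prefix, then name.MODULE(args), ref: ADDR
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
STRING_RE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: int
    subcall_of: Optional[int] = None  # address of the callee when the entry is nested


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split the listing into one FunctionBlock per 'APIs' heading."""
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
            sub = int(m["sub"], 16) if m["sub"] else None
            cur.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
            continue
        m = STRING_RE.match(line)
        if m and m["ids"]:
            cur.strings.extend(s for s in m["ids"].split("$") if s)  # Joe Sandbox joins IDs with '$'
    return blocks


def in_order(names: List[str], wanted: Tuple[str, ...]) -> bool:
    """True when `wanted` occurs as an ordered subsequence of `names`."""
    it = iter(names)
    return all(any(n == w for n in it) for w in wanted)


# (label, required call order, extra predicate on the block) -- my own heuristic rule table
RULES = [
    ("listening socket: bind() followed by listen()", ("bind", "listen"), None),
    ("wildcard delete loop: FindFirstFileW -> DeleteFileW -> FindNextFileW",
     ("FindFirstFileW", "DeleteFileW", "FindNextFileW"),
     lambda b: any("*" in s for s in b.strings)),
]


def classify(block: FunctionBlock) -> List[str]:
    """Match rules against the function's direct calls only; nested subcall entries are ignored."""
    direct = [c.name for c in block.calls if c.subcall_of is None]
    return [label for label, chain, cond in RULES
            if in_order(direct, chain) and (cond is None or cond(block))]


def call_args(block: FunctionBlock, name: str) -> Optional[Tuple[str, ...]]:
    """Arguments of the first direct call to `name`, or None."""
    for c in block.calls:
        if c.name == name and c.subcall_of is None:
            return c.args
    return None


def listen_backlog(block: FunctionBlock) -> Optional[int]:
    """Second argument of listen(); '?' means the tracer could not resolve it."""
    args = call_args(block, "listen")
    if not args or len(args) < 2 or args[1] == "?":
        return None
    return int(args[1], 16)


def bind_addrlen(block: FunctionBlock) -> Optional[int]:
    """Third argument of bind(); 0x10 is sizeof(sockaddr_in), i.e. an IPv4 endpoint."""
    args = call_args(block, "bind")
    if not args or len(args) < 3 or args[2] == "?":
        return None
    return int(args[2], 16)


# Constructed sample: the three listings from this report page.
SAMPLE = r"""
APIs
• WSAGetLastError.WSOCK32 ref: 00701283
• bind.WSOCK32(00000000,?,00000010), ref: 007012BA
• WSAGetLastError.WSOCK32 ref: 007012C5
• closesocket.WSOCK32(00000000), ref: 007012F4
• listen.WSOCK32(00000000,00000005), ref: 00701303
• WSAGetLastError.WSOCK32 ref: 0070130D
• closesocket.WSOCK32(00000000), ref: 0070133C
Similarity
• String ID:
APIs
• _free.LIBCMT ref: 006BB9D4
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00723700), ref: 006BBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0075121C,000000FF,00000000,0000003F,00000000,?,?), ref: 006BBC09
• _free.LIBCMT ref: 006BBD4B
Similarity
• String ID:
APIs
  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
  • Part of subcall function 006EE199: GetFileAttributesW.KERNEL32(?,006ECF95), ref: 006EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006ED420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006ED470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006ED481
• FindClose.KERNEL32(00000000), ref: 006ED498
Similarity
• String ID: \*.*
"""

if __name__ == "__main__":
    for i, blk in enumerate(parse_blocks(SAMPLE)):
        print(i, [c.name for c in blk.calls], classify(blk))
```

Subcall entries are deliberately excluded from the chain so that a helper's GetFullPathNameW does not count toward a rule about the caller; if you want "any code reachable from here" semantics instead, include them. The same subsequence matcher extends to the report's other signatures (clipboard access, keystroke simulation) by adding rows to RULES.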
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
APIs
• _wcslen.LIBCMT ref: 006F64DC
• CoInitialize.OLE32(00000000), ref: 006F6639
• CoCreateInstance.OLE32(0071FCF8,00000000,00000001,0071FB68,?), ref: 006F6650
• CoUninitialize.OLE32 ref: 006F68D4
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 007022E8
  • Part of subcall function 006FE4EC: GetWindowRect.USER32(?,?), ref: 006FE504
• GetDesktopWindow.USER32 ref: 00702312
• GetWindowRect.USER32(00000000), ref: 00702319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00702355
• GetCursorPos.USER32(?), ref: 00702381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007023DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 006F9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 006F9C8B
  • Part of subcall function 006F3874: GetInputState.USER32 ref: 006F38CB
  • Part of subcall function 006F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006F3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 006F9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 006F9C75
Strings
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 169bc67662dd2276bb35ae91779c3d0f5c4e4819e1003054ee5fa2b8b63db6b7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f06b386d95abac3919d1325f98404b6d1cbb540c9fb8362068193c433a36b8ff
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 169bc67662dd2276bb35ae91779c3d0f5c4e4819e1003054ee5fa2b8b63db6b7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC41A27194420E9FCF55EFA4C845BFEBBB6EF05310F244159E505A2291DB309E84CF64
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00699A4E
• GetSysColor.USER32(0000000F), ref: 00699B23
• SetBkColor.GDI32(?,00000000), ref: 00699B36
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 5e52149435567cee2c030f2338348cbef7c06d66b2c4c6c0d38df3b959f0b302
• Instruction ID: ce7b39b6d1bd11c6775d380317874bc07b6d5a85efbf01c4703b6255acdd98bc
• Opcode Fuzzy Hash: 5e52149435567cee2c030f2338348cbef7c06d66b2c4c6c0d38df3b959f0b302
• Instruction Fuzzy Hash: F3A10570608544BFEB289A2C8C99EFB269FDB46311B14420EF502C6FD5EA29DD42D277
APIs
  • Part of subcall function 0070304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0070307A
  • Part of subcall function 0070304E: _wcslen.LIBCMT ref: 0070309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0070185D
• WSAGetLastError.WSOCK32 ref: 00701884
• bind.WSOCK32(00000000,?,00000010), ref: 007018DB
• WSAGetLastError.WSOCK32 ref: 007018E6
• closesocket.WSOCK32(00000000), ref: 00701915
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: ab43b0b57fb8fc3da5cc99e627e035392cd51e834078659497a4df1c19deb119
• Instruction ID: 7c1a4035075ff2b6cd031db0f667952ab310834fe75d1e709446180ca9c2b7ee
• Opcode Fuzzy Hash: ab43b0b57fb8fc3da5cc99e627e035392cd51e834078659497a4df1c19deb119
• Instruction Fuzzy Hash: 9D519271A00200AFEB10AF64C886F6A77E6AF44718F54C19CFA156F3D3C775AD418BA5
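The socket/bind/closesocket sequence listed for this function is the kind of API chain the report's "open a port and listen for incoming connection" signature refers to: the arguments 00000002,00000002,00000011 passed to socket decode to AF_INET, SOCK_DGRAM, IPPROTO_UDP, and the namelen 00000010 passed to bind is sizeof(sockaddr_in). The following Python is an added example, not part of the Joe Sandbox report and not code from the analysed sample: it parses listing lines of this shape into structured records, decodes the Winsock constants, and flags a socket followed by bind in the same function body. The sample input is the seven API lines from the listing above, copied inline so the script runs offline; the decoding tables and the chain check are the example's own additions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the API lines of the function above, copied from the report listing
# (bullets and indentation stripped). Any other listing block can be fed in the same way.
SAMPLE_LINES = """\
Part of subcall function 0070304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0070307A
Part of subcall function 0070304E: _wcslen.LIBCMT ref: 0070309B
socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0070185D
WSAGetLastError.WSOCK32 ref: 00701884
bind.WSOCK32(00000000,?,00000010), ref: 007018DB
WSAGetLastError.WSOCK32 ref: 007018E6
closesocket.WSOCK32(00000000), ref: 00701915
""".splitlines()

# One listing line: optional bullet, optional "Part of subcall function X:" prefix,
# API.MODULE, optional (args), then ", ref: ADDR" (the comma is absent when there are no args).
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # None where the report shows '?' (not resolved statically)
    ref: int                       # address of the call site
    subcall_of: Optional[int] = None  # set when the line came from a called sub-function


def parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [] if raw is None else [parse_arg(t) for t in raw.split(",")]
    return ApiCall(api=m.group("api"), module=m.group("mod"), args=args,
                   ref=int(m.group("ref"), 16),
                   subcall_of=int(m.group("sub"), 16) if m.group("sub") else None)


def parse_listing(lines) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in lines) if c is not None]


# Winsock constants for the three socket() parameters (address family, type, protocol).
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "IPPROTO_DEFAULT", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


def describe_socket(call: ApiCall) -> str:
    af, typ, proto = (call.args + [None] * 3)[:3]
    return f"{AF.get(af, af)}/{SOCK_TYPE.get(typ, typ)}/{PROTO.get(proto, proto)}"


def find_listener_chain(calls: List[ApiCall]):
    """Return (socket description, bind call site, namelen == sizeof(sockaddr_in)) when the
    function's own body (sub-function lines excluded) creates a socket and binds it at a
    later call site; None otherwise. A bound socket is what lets the sample accept traffic."""
    own = [c for c in calls if c.subcall_of is None]
    sock = next((c for c in own if c.api == "socket"), None)
    if sock is None:
        return None
    bind = next((c for c in own if c.api == "bind" and c.ref > sock.ref), None)
    if bind is None:
        return None
    namelen = bind.args[2] if len(bind.args) > 2 else None
    return describe_socket(sock), bind.ref, namelen == 0x10


if __name__ == "__main__":
    calls = parse_listing(SAMPLE_LINES)
    for c in calls:
        print(f"{c.ref:08X} {c.api}.{c.module} {c.args}"
              + (f" (via sub {c.subcall_of:08X})" if c.subcall_of else ""))
    print("listener chain:", find_listener_chain(calls))
```

Run on the lines above this reports the chain as AF_INET/SOCK_DGRAM/IPPROTO_UDP bound at 007018DB with a 16-byte sockaddr_in, i.e. a UDP port opened on an IPv4 address. The inet_addr call only appears in the sub-function, which is why the chain check ignores subcall lines: the address string is resolved elsewhere and the report does not show its value.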
APIs
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 8cc66d9196cd44ced96b4d77e775faaf40914b5bf8389c43f2b7ee0d344e0acd
• Instruction ID: 7b453b429aa48f2cc30d5994f76c5447d375b1008f6203709a7955e8f995d81d
• Opcode Fuzzy Hash: 8cc66d9196cd44ced96b4d77e775faaf40914b5bf8389c43f2b7ee0d344e0acd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E021B1317802009FD7218F2ED844BAA7BA5AF85324B59C058E9468F2D1CB79DC82CBE4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d04706d65fd887956fc9acc9b1c0767a0785920cda437e644ca157809c307f08
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 31563a1b3c8333eb1b87fcccd82ef9cc4a03334086685869d4c4d1cb96c874c4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d04706d65fd887956fc9acc9b1c0767a0785920cda437e644ca157809c307f08
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FA25C71A0021ACFDF24DF58C950BFDB7B2EB54310F6482A9E816A7345EB749D81CB94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006E82AA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ($tbt$|
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1659193697-2614987295
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8abdbcf159851140327f8a7733825b0333795de307cb47b9d99686168225b092
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a6de3f00f366d97bb2a3103efc57ebc90c9f8738e273421251764e57491bf8cf
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8abdbcf159851140327f8a7733825b0333795de307cb47b9d99686168225b092
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2323474A017459FCB28CF5AC080AAAB7F1FF48710B15C46EE49ADB3A1EB70E941CB44
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 006EAAAC
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 006EAAC8
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 006EAB36
                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 006EAB88
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3263adb5a7866667ddfd8eb5ac6f486dea09f12d3fa7b88180031cd04579774c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf28b463960df8a20cab7388b62599d8a8d092359a93849cfe02ea1bc9a551ad
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3263adb5a7866667ddfd8eb5ac6f486dea09f12d3fa7b88180031cd04579774c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB311E30A41384AFFB358AE6CC057FA77A7AF54310F14421AF1C1962D1D374A945C766
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 006FCE89
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 006FCEEA
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 006FCEFE
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 006F5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 006F5D17
• FindClose.KERNEL32(?), ref: 006F5D5F
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 006B271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006B2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 006B2731
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006F51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006F5238
• SetErrorMode.KERNEL32(00000000), ref: 006F52A1
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 0069FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 006A0668
  • Part of subcall function 0069FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 006A0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006E170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006E173A
• GetLastError.KERNEL32 ref: 006E174A
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 03f9588f776d44f6d37e2e2803fe8d6a8bb72abac247da3348404fddffc8bccd
• Instruction ID: cece8c157e91babf57dd77ac01687b9e696330ee1c6c9f3e1a3390a25377024e
• Opcode Fuzzy Hash: 03f9588f776d44f6d37e2e2803fe8d6a8bb72abac247da3348404fddffc8bccd
• Instruction Fuzzy Hash: 441191B2414304AFDB189F54DC86DAAB7BEEF45714B20C52EE05697681EB70BC45CB24
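The LookupPrivilegeValueW / AdjustTokenPrivileges / GetLastError sequence in the function above is the standard way to enable a privilege on the caller's token. The trailing GetLastError is the important part: AdjustTokenPrivileges returns TRUE even when the token never held the privilege, and that case is only visible as ERROR_NOT_ALL_ASSIGNED (1300). The block below is an added example, not code from the sample or from Joe Sandbox; the privilege name SeDebugPrivilege and the helper names are this example's own choices, and the trace above does not show which privilege the sample requests.

```python
"""Enable a named privilege with the chain seen above:
LookupPrivilegeValueW -> AdjustTokenPrivileges -> GetLastError.

Added example (Python 3, ctypes), not code from the sample or from Joe Sandbox.
The Windows calls run only on Windows; the two helpers are pure and run anywhere.
"""
import ctypes
import struct
import sys

SE_PRIVILEGE_ENABLED = 0x00000002
TOKEN_ADJUST_PRIVILEGES = 0x0020
TOKEN_QUERY = 0x0008
ERROR_NOT_ALL_ASSIGNED = 1300  # AdjustTokenPrivileges returned TRUE but could not enable everything


def build_token_privileges(luid_low, luid_high, enable=True):
    """Serialize a one-entry TOKEN_PRIVILEGES block (little-endian, no padding):
    DWORD PrivilegeCount; LUID {DWORD LowPart; LONG HighPart}; DWORD Attributes."""
    attrs = SE_PRIVILEGE_ENABLED if enable else 0
    return struct.pack("<IIII", 1, luid_low, luid_high & 0xFFFFFFFF, attrs)


def interpret_adjust_result(call_succeeded, last_error):
    """Classify an AdjustTokenPrivileges outcome.

    The API returns TRUE even when the token never held the privilege; that
    case only shows up as GetLastError() == ERROR_NOT_ALL_ASSIGNED, which is
    why the sample reads GetLastError right after the call."""
    if not call_succeeded:
        return "failed"
    if last_error == ERROR_NOT_ALL_ASSIGNED:
        return "not_all_assigned"
    return "enabled"


def enable_privilege(name="SeDebugPrivilege"):
    """Windows only: try to enable `name` on the current process token and
    return one of the strings produced by interpret_adjust_result."""
    if sys.platform != "win32":
        raise OSError("Windows only")
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.GetCurrentProcess.restype = ctypes.c_void_p
    advapi32.LookupPrivilegeValueW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_void_p]
    advapi32.OpenProcessToken.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p]
    advapi32.AdjustTokenPrivileges.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p,
                                               ctypes.c_uint32, ctypes.c_void_p, ctypes.c_void_p]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]

    luid = (ctypes.c_uint32 * 2)()  # LowPart, HighPart
    if not advapi32.LookupPrivilegeValueW(None, name, luid):
        raise ctypes.WinError(ctypes.get_last_error())

    token = ctypes.c_void_p()
    if not advapi32.OpenProcessToken(kernel32.GetCurrentProcess(),
                                     TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                     ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        tp = ctypes.create_string_buffer(build_token_privileges(luid[0], luid[1]))
        ok = advapi32.AdjustTokenPrivileges(token, 0, tp, 0, None, None)
        return interpret_adjust_result(bool(ok), ctypes.get_last_error())
    finally:
        kernel32.CloseHandle(token)


if __name__ == "__main__" and sys.platform == "win32":
    print(enable_privilege())
```

Run on a non-elevated Windows session, enable_privilege("SeDebugPrivilege") returns "not_all_assigned" rather than raising, which is the outcome a caller that only tests the return value would misread as success.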
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006ED608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 006ED645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006ED650
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 493e3fd462752430a3a02eaa956727a524725a47c154f57b85c2b8d969d51e1f
• Instruction ID: d54a9ad5d7164c4d92514bbdeec86f4092472539e43f105e3a1ffea54e30d1a3
• Opcode Fuzzy Hash: 493e3fd462752430a3a02eaa956727a524725a47c154f57b85c2b8d969d51e1f
• Instruction Fuzzy Hash: 15117C71E41228BBDB108F999C44FEFBBBCEB45B50F108111F914E7290C2704A018BA1
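Control code 002D1400 in the DeviceIoControl call above is IOCTL_STORAGE_QUERY_PROPERTY (device type 0x2D, FILE_DEVICE_MASS_STORAGE; function 0x500; METHOD_BUFFERED). The input length 0000000C matches STORAGE_PROPERTY_QUERY and the output length 00000028 matches the fixed header of STORAGE_DEVICE_DESCRIPTOR, so a single call with that buffer only yields the header and the Size field; the vendor, product and serial strings sit beyond it and need a second call with a buffer of Size bytes. The CreateFileW desired access 00000080 (FILE_READ_ATTRIBUTES) with share mode 3 and OPEN_EXISTING is enough to open a drive object for this query without administrative rights. The block below is an added example, not code from the sample or from Joe Sandbox; the device path \\.\PhysicalDrive0 is an assumption (the trace does not show the path) and the descriptor bytes built by make_constructed_descriptor() are made up for the demonstration.

```python
"""Decode and reproduce the DeviceIoControl call above:
0x2D1400 = IOCTL_STORAGE_QUERY_PROPERTY, 12-byte STORAGE_PROPERTY_QUERY in,
40-byte STORAGE_DEVICE_DESCRIPTOR header out.

Added example (Python 3), not code from the sample or from Joe Sandbox. The
descriptor bytes from make_constructed_descriptor() are constructed test data;
only query_storage_device() talks to a real device, and it is Windows only.
"""
import struct
import sys

IOCTL_STORAGE_QUERY_PROPERTY = 0x2D1400
METHOD_NAMES = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
                2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
STORAGE_DEVICE_PROPERTY = 0   # STORAGE_PROPERTY_ID
PROPERTY_STANDARD_QUERY = 0   # STORAGE_QUERY_TYPE
DESCRIPTOR_HEADER_LEN = 0x28  # sizeof(STORAGE_DEVICE_DESCRIPTOR): the 0x28 the sample passes
# Version, Size, DeviceType, DeviceTypeModifier, RemovableMedia, CommandQueueing,
# VendorIdOffset, ProductIdOffset, ProductRevisionOffset, SerialNumberOffset,
# BusType, RawPropertiesLength (36 bytes; RawDeviceProperties[1] plus padding follow)
HEADER_FMT = "<IIBBBBIIIIII"


def decode_ioctl(code):
    """Split a CTL_CODE() value into its device type, access, function and method fields."""
    return {"device_type": (code >> 16) & 0xFFFF, "access": (code >> 14) & 0x3,
            "function": (code >> 2) & 0xFFF, "method": METHOD_NAMES[code & 0x3]}


def build_storage_property_query():
    """STORAGE_PROPERTY_QUERY: PropertyId, QueryType, AdditionalParameters[1] + padding = 12 bytes."""
    return struct.pack("<IIB3x", STORAGE_DEVICE_PROPERTY, PROPERTY_STANDARD_QUERY, 0)


def parse_storage_device_descriptor(buf):
    """Parse the fixed header and pull out the NUL-terminated strings it points at.
    An offset of 0, or one beyond the buffer, means the string is not available,
    which is exactly what happens when only the 0x28-byte header was requested."""
    (_ver, size, _dtype, _dmod, removable, _queue, vendor_off, product_off,
     _rev_off, serial_off, bus_type, _raw_len) = struct.unpack_from(HEADER_FMT, buf, 0)

    def cstr(off):
        if off == 0 or off >= len(buf):
            return ""
        end = buf.find(b"\x00", off)
        return buf[off:end if end >= 0 else len(buf)].decode("ascii", "replace").strip()

    return {"size": size, "removable": bool(removable), "bus_type": bus_type,
            "vendor": cstr(vendor_off), "product": cstr(product_off), "serial": cstr(serial_off)}


def make_constructed_descriptor(vendor, product, serial, bus_type=0x0B):
    """Constructed test data laid out like the driver's answer: header, then the strings."""
    strings, offsets = b"", []
    for s in (vendor, product, serial):
        offsets.append(DESCRIPTOR_HEADER_LEN + len(strings))
        strings += s.encode("ascii") + b"\x00"
    header = struct.pack(HEADER_FMT, 1, DESCRIPTOR_HEADER_LEN + len(strings), 0, 0, 0, 0,
                         offsets[0], offsets[1], 0, offsets[2], bus_type, len(strings))
    return header.ljust(DESCRIPTOR_HEADER_LEN, b"\x00") + strings


def query_storage_device(path=r"\\.\PhysicalDrive0"):
    """Windows only: the sample's CreateFileW(0x80 access) / DeviceIoControl / CloseHandle
    chain, issued twice: once for the header to learn Size, then for the full descriptor."""
    if sys.platform != "win32":
        raise OSError("Windows only")
    import ctypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.DeviceIoControl.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32,
                                    ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_void_p]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    # FILE_READ_ATTRIBUTES, FILE_SHARE_READ|WRITE, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL: as in the trace
    handle = k32.CreateFileW(path, 0x80, 3, None, 3, 0x80, None)
    if handle == ctypes.c_void_p(-1).value:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        query = build_storage_property_query()
        out = ctypes.create_string_buffer(DESCRIPTOR_HEADER_LEN)
        returned = ctypes.c_uint32()
        for _ in range(2):
            if not k32.DeviceIoControl(handle, IOCTL_STORAGE_QUERY_PROPERTY, query, len(query),
                                       out, len(out), ctypes.byref(returned), None):
                raise ctypes.WinError(ctypes.get_last_error())
            desc = parse_storage_device_descriptor(out.raw)
            out = ctypes.create_string_buffer(max(desc["size"], DESCRIPTOR_HEADER_LEN))
        return desc
    finally:
        k32.CloseHandle(handle)


if __name__ == "__main__" and sys.platform == "win32":
    print(query_storage_device())
```

The vendor and product strings returned this way are what a sandbox-aware program compares against hypervisor disk identifiers, which is why an IOCTL_STORAGE_QUERY_PROPERTY call on a raw drive handle is worth a second look in a report that also flags sandbox-detection API chains; the trace alone does not show what the sample does with the answer.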
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 006E168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006E16A1
• FreeSid.ADVAPI32(?), ref: 006E16B1
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: ad833ba05d422cfb5ad1cd709215043d8dd38d57e2e8f31a070dc75b73f00225
• Instruction ID: ba1010ff92f4015aa8e28dcea0d770fac961b32a42b6b8d0d1e11b1e7ee9d831
• Opcode Fuzzy Hash: ad833ba05d422cfb5ad1cd709215043d8dd38d57e2e8f31a070dc75b73f00225
• Instruction Fuzzy Hash: 66F0F471990309FBDB00DFE49C89EEEBBBDEB08604F508565E601E2181E774AA449A54
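AllocateAndInitializeSid with two sub-authorities, 00000020 (SECURITY_BUILTIN_DOMAIN_RID) and 00000220 (DOMAIN_ALIAS_RID_ADMINS), followed by CheckTokenMembership with a NULL token and FreeSid, is the canonical test for membership in BUILTIN\Administrators (S-1-5-32-544). The identifier authority is not visible in the trace (the first argument is a pointer); the example assumes SECURITY_NT_AUTHORITY, the only authority under which those RIDs make sense. The block below is an added example, not code from the sample or from Joe Sandbox, and its helper names are this example's own. The caveat a practitioner wants: with a NULL token, CheckTokenMembership evaluates the caller's UAC-filtered token, in which the Administrators group is deny-only, so an administrator running non-elevated gets FALSE. The check therefore answers "am I elevated right now", not "is this an admin account".

```python
"""Rebuild the SID that AllocateAndInitializeSid(NtAuthority, 2, 0x20, 0x220, ...)
produces and test token membership the way the sample does.

Added example (Python 3), not code from the sample or from Joe Sandbox. Helper
names are this example's own; only is_token_member() needs Windows.
"""
import struct
import sys

SECURITY_NT_AUTHORITY = 5            # SID_IDENTIFIER_AUTHORITY {0,0,0,0,0,5}; assumed, not in the trace
SECURITY_BUILTIN_DOMAIN_RID = 0x20   # first sub-authority in the call above
DOMAIN_ALIAS_RID_ADMINS = 0x220      # second sub-authority: BUILTIN\Administrators


def sid_bytes(authority, subauthorities):
    """Binary SID: Revision(1), SubAuthorityCount(1), IdentifierAuthority(6, big-endian),
    then each sub-authority as a little-endian DWORD."""
    return (bytes([1, len(subauthorities)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subauthorities))


def sid_to_string(sid):
    """Render a binary SID in the familiar S-R-A-S... form."""
    revision, count = sid[0], sid[1]
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def builtin_admins_sid():
    """The SID the sample builds: S-1-5-32-544."""
    return sid_bytes(SECURITY_NT_AUTHORITY, [SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS])


def is_token_member(sid, token=None):
    """Windows only: CheckTokenMembership(token, sid, &member), as in the sample.
    token=None means the caller's own (UAC-filtered) token, so an administrator
    in a non-elevated process gets False: the group is deny-only there."""
    if sys.platform != "win32":
        raise OSError("Windows only")
    import ctypes
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    advapi32.CheckTokenMembership.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                              ctypes.POINTER(ctypes.c_int)]
    sid_buf = ctypes.create_string_buffer(sid, len(sid))
    member = ctypes.c_int(0)
    if not advapi32.CheckTokenMembership(token, sid_buf, ctypes.byref(member)):
        raise ctypes.WinError(ctypes.get_last_error())
    return bool(member.value)


if __name__ == "__main__":
    print(sid_to_string(builtin_admins_sid()))  # S-1-5-32-544
    if sys.platform == "win32":
        print("elevated administrator:", is_token_member(builtin_admins_sid()))
```

For a detection engineer the pairing matters more than either call alone: an admin-membership probe next to the AdjustTokenPrivileges chain and the "launch with higher privileges" capability listed in the signatures is the usual shape of a branch that decides whether to request elevation.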
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: /
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 70f4f467ef7b656df05a13566b1748d974f22caba0a4bede95f71d702694cf39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1a2536ef72c3611952a8e7c53d21c9c442c25a5b1c6a4cab597508cd64eb954b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70f4f467ef7b656df05a13566b1748d974f22caba0a4bede95f71d702694cf39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 964126B2500219ABCB209FB9CC48DEB77BAEB84324F50826DF905C7281E6719E818B54
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 006DD28C
Strings
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: f2b734c1f4391b33fdb1dfcf7d22acf7a71550a2940f75cd56207936e0c6d95e
• Instruction ID: 910ea7803333517f933bf419b748608a0c7d89b70290a32b6d5594b0c45d8f9f
• Opcode Fuzzy Hash: f2b734c1f4391b33fdb1dfcf7d22acf7a71550a2940f75cd56207936e0c6d95e
• Instruction Fuzzy Hash: 14D0C9B480111DEACF94DB90DC88DD9B37CBB04345F104152F146A2140D73496498F10
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: c6379d496d6635dcf8f1e7bcd5163602c529eaabf57df8207af445e07df355bc
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: 3F020B71E002199FDF14DFA9C8806ADBBF2FF49324F254169D819AB380D731AD418F94
Strings
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.$p#u
• API String ID: 0-1908159134
• Opcode ID: 30d09ddd69b412fba2e06cd6f8c9b6f2df442f8374876f38926e6eceb5f6b443
• Instruction ID: 906aa40a179b11a002edaed4811203bd5d95f0a89c5911ca20ae11d3070c33d3
• Opcode Fuzzy Hash: 30d09ddd69b412fba2e06cd6f8c9b6f2df442f8374876f38926e6eceb5f6b443
• Instruction Fuzzy Hash: 7332AB70900208DBEF14EF90D885BEDB7B7BF05314F14825AE906AB382D775AE46CB60
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 006F6918
• FindClose.KERNEL32(00000000), ref: 006F6961
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e4bc000aeaa5d570531a10804dac0d9a934ac3cac8410946f9ecf73bc17c7bd9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fa2591d43c9b9399c325fb9e5b0bddab86e0faf043a7890c8adfbc8ce572f016
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4bc000aeaa5d570531a10804dac0d9a934ac3cac8410946f9ecf73bc17c7bd9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F011AC316042019FD710DF69D484A26BBE2FF85328F14C699F5698B3A2CB70EC05CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00704891,?,?,00000035,?), ref: 006F37E4
                                                                                                                                                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00704891,?,?,00000035,?), ref: 006F37F4
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 056e23ce913db73df2b28faaa4034c7b63ad9ea66695b3d426cf42ae51849721
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1e880d9fb5a06d539438e50f313f8d6e1d2ed29126939b57cebe1339374f069e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 056e23ce913db73df2b28faaa4034c7b63ad9ea66695b3d426cf42ae51849721
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DF0EC706043282AD75027A55C4DFFB36AFEFC5761F004169F505D23C1D5609944C7B4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 006EB25D
                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 006EB270
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5e34dd84cb043ad80d57a9cd8840ff08f3a39b4ab026b3a08629cec7e72c265e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 24e944fa6ff02bfc061820ea39583468773e2dd9d2248acae30abda64ed0f92a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e34dd84cb043ad80d57a9cd8840ff08f3a39b4ab026b3a08629cec7e72c265e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFF01D7184428DAFDB069FA5C805BFE7BB5FF04305F10D009FA55A5191C37986119F94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006E11FC), ref: 006E10D4
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,006E11FC), ref: 006E10E9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 81990902-0
• Opcode ID: 86097d58e0fc48c7abce7725ad4bc9f953bdf30e4d407e58a1fc0dc25dcd7883
• Instruction ID: 14ec9b65dfe8d402dd717f3341f1e446720fe0faa92b828eee8aa7d9209cf42f
• Opcode Fuzzy Hash: 86097d58e0fc48c7abce7725ad4bc9f953bdf30e4d407e58a1fc0dc25dcd7883
• Instruction Fuzzy Hash: 0DE04F32004610AFEB262B55FC05EB377AEEF04310B21C82DF4A5804B1DB626C90DB14
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006B6766,?,?,00000008,?,?,006BFEFE,00000000), ref: 006B6998
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: f10db6786813815253d657b0b16edd88259761d0de003e68f727217c403afb21
• Instruction ID: 5517cd16e5e8dd0eb7956a21b964cf5f5f133a35a7ac152e8387953be3a7dad9
• Opcode Fuzzy Hash: f10db6786813815253d657b0b16edd88259761d0de003e68f727217c403afb21
• Instruction Fuzzy Hash: 62B15DB16106099FDB15CF28C486BE57BE1FF05364F258658F89ACF2A2C739D982CB40
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 69f975fb44c80f86a78ae2e9011ae216a73fea078866c1daaa1961ccf5883159
• Instruction ID: e5553aafe0e307159fa7c7d588bd0a017dde12b8d05b8a26abe20d9f07eb20df
• Opcode Fuzzy Hash: 69f975fb44c80f86a78ae2e9011ae216a73fea078866c1daaa1961ccf5883159
• Instruction Fuzzy Hash: 02125D71D002299FCF14CF58D981AEEB7FAEF48710F14819AE849EB355DB349A81DB90
APIs
• BlockInput.USER32(00000001), ref: 006FEABD
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: ad8610ebe439ed3a0344c54dee699a8dda58d462854f9cc5c51d09208fb7799a
• Instruction ID: 17f509553fc1e24f9888b62124fdca35240a41f585d4f93ad1f0eadc68d16a61
• Opcode Fuzzy Hash: ad8610ebe439ed3a0344c54dee699a8dda58d462854f9cc5c51d09208fb7799a
• Instruction Fuzzy Hash: ECE01A312002089FD710EF59D804E9ABBEAAF98760F00841AFE49D73A1DA71A8418BA5
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006A03EE), ref: 006A09DA
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 056c1aa7f4f962bef27f49a1921a1bfbe35cf9f07a1cf8d14ddb94382b0cf06e
• Instruction ID: d21b8b5a7ecb0a357c99678092eeb74256e05d4ede43849815a62556df4d1544
• Opcode Fuzzy Hash: 056c1aa7f4f962bef27f49a1921a1bfbe35cf9f07a1cf8d14ddb94382b0cf06e
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 319de7535ea9b1b9d014e0e953b442b34c8249ac482c3687fe628954c8446f1c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3551686170C6056BDB38B5688C597FF63CB9B13300F18052AD886D7382CA19EE06DF5A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0&u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-949697045
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1c0313ef160919f1f009b2944e74b13f8f5a34acfef0753551b6d06e78c125d2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6bb98dda8978f44b3ba1c159c32bfc917bd8fe01f8eb0fce7206f74b28f38306
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c0313ef160919f1f009b2944e74b13f8f5a34acfef0753551b6d06e78c125d2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC21EB322206158BDB28CF79C8236BE73E5E755310F14862EE4A7C37D1DE79A905CB84
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2fc1533333640bd2ea2e172486cb21171fc2d3a9dd747a407257e7acc841adbe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 79a7b04dbf93032ea7c751ab0e8cd26b9755d7d3222600363d68d4886982c6f2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fc1533333640bd2ea2e172486cb21171fc2d3a9dd747a407257e7acc841adbe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1321462D29F414DD7339634CC22375628AAFB73C5F15D737E81AB5AA6EB29C4C35200
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b809758497dbeb0736ca6ae10075e2347b3c0f75f16f32697a1bee932aebba44
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1ded6a60b99dd2a064dd3b6013cd3dc9c022fc8b713b92bb4c033ef1f20ca3cb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b809758497dbeb0736ca6ae10075e2347b3c0f75f16f32697a1bee932aebba44
• Instruction Fuzzy Hash: 6F32E031E4015E8BCF28CA69C490ABD7BA7EF45330F28856BD45ACB791D634DD82DB40

Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e7720033afb780ae2af89741f06da33fab7b48b44b372deb9e60bc1ddab6e957
• Instruction ID: 5de7c3265d1d1f56564d7327ab91e37e86a130df48e78380d9a1dd53a9eb8655
• Opcode Fuzzy Hash: e7720033afb780ae2af89741f06da33fab7b48b44b372deb9e60bc1ddab6e957
• Instruction Fuzzy Hash: 63228DB0A0460A9FDF14DFA4C881AAEB7F7FF44300F24466DE816A7291EB35E951CB54

Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1fa5141902af98b2b293521ff821aa9ea8440f014ed9285f014a6faf5c015219
• Instruction ID: 3826b1fc9b914ce1f58e33b1756d47ffb7aab72726c289dcc1cbc9cfb52236c3
• Opcode Fuzzy Hash: 1fa5141902af98b2b293521ff821aa9ea8440f014ed9285f014a6faf5c015219
• Instruction Fuzzy Hash: A30281B0A0020AEBDF04DF54D981BBEB7B6FF54300F158169E8169B391EB35AE11CB95

Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 97c225b3eadc577d0c34c80feb66eb3183fd95056f348ddbf1aa6e60ed558321
• Instruction ID: 36940bcb4ddec2e97c0963e82d0e8a7974387888ce6e3101b89659bc4f9addd9
• Opcode Fuzzy Hash: 97c225b3eadc577d0c34c80feb66eb3183fd95056f348ddbf1aa6e60ed558321
• Instruction Fuzzy Hash: 65B1F230D2AF414DD72396398831336B65CAFBB6D5F91D71BFC2674D22EB2A86834244

Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 02f16b90319b67970fc51ec9101149d2604cda4cabff776eb801b186a4f3c388
• Instruction ID: f769737ce7db779017596d745a7bd1b3b8841470c609c0c6e27c6e2db6c17f63
• Opcode Fuzzy Hash: 02f16b90319b67970fc51ec9101149d2604cda4cabff776eb801b186a4f3c388
• Instruction Fuzzy Hash: A06169B12087096ADA74BE288D95BFF239BDF53700F14095DE943DB382D611AE428F79
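Every function record above points at the same six memory dumps of the image loaded at 0x680000, each named by a dotted tuple of hex fields. The following Python is an added example, not part of this report and not Joe Sandbox tooling: it parses "Memory Dump Source" records into dictionaries and decodes the .sdmp names so an analyst can tell the code page (the one worth disassembling) from the read-only and writable data pages. The meaning of the filename fields is an assumption inferred from the values in this report (0x20 on the page at 0x681000, 0x02 and 0x04 on the others, 0x01000000 on all, which line up with PAGE_* protections and MEM_IMAGE from winnt.h); the sample text is copied from two records above.

```python
"""Parse Joe Sandbox 'Memory Dump Source' records and decode .sdmp dump names."""
import re
from dataclasses import dataclass

# Constants from winnt.h. Mapping the 5th and 7th dotted fields of a .sdmp name
# onto them is an ASSUMPTION about Joe Sandbox's naming scheme, not documented
# on the report page; it is consistent with every name in this report.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<field6>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    process_index: int   # assumed: index of the process within the analysis
    stage: int           # assumed: 2 = dump taken at end of analysis
    base: int            # region base address
    protect: str         # decoded PAGE_* protection (low byte only)
    mem_type: str        # decoded MEM_* type


def parse_sdmp_name(name: str) -> DumpRegion:
    """Decode one .sdmp filename; raises ValueError on anything else."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    prot = int(m["protect"], 16) & 0xFF      # drop modifiers such as PAGE_GUARD
    typ = int(m["type"], 16)
    return DumpRegion(name, int(m["proc"], 16), int(m["stage"], 16), int(m["base"], 16),
                      PAGE_PROTECT.get(prot, f"0x{prot:02x}"), MEM_TYPE.get(typ, f"0x{typ:x}"))


def parse_records(text: str) -> list:
    """One dict per 'Memory Dump Source' record; empty fields stay as ''."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            records.append({"Associated": []})
            continue
        if not records or not line.startswith("• "):
            continue
        key, _, value = line[2:].partition(":")
        key, value = key.strip(), value.strip()
        if key == "Associated":
            # raw copies of the web report append the 'Download File' link text
            records[-1]["Associated"].append(value.replace("Download File", "").strip())
        elif key == "Source File":
            parts = [p.strip() for p in value.split(",")]
            records[-1]["Source File"] = parts[0]
            for extra in parts[1:]:                 # 'Offset: ...', 'based on PE: ...'
                k, _, v = extra.partition(":")
                records[-1][k.strip()] = v.strip()
        else:
            records[-1][key] = value
    return records


def dump_regions(records: list) -> dict:
    """Every distinct dump referenced by the records, decoded."""
    regions = {}
    for rec in records:
        for name in [rec["Source File"], *rec["Associated"]]:
            if name not in regions:
                regions[name] = parse_sdmp_name(name)
    return regions


def executable_dumps(records: list) -> list:
    """Dumps whose pages are executable, i.e. where disassembly is meaningful."""
    return sorted(n for n, r in dump_regions(records).items()
                  if r.protect.startswith("PAGE_EXECUTE"))


# Two records copied from this report (Download File residue already removed).
SAMPLE_REPORT = """\
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 97c225b3eadc577d0c34c80feb66eb3183fd95056f348ddbf1aa6e60ed558321
• Instruction ID: 36940bcb4ddec2e97c0963e82d0e8a7974387888ce6e3101b89659bc4f9addd9
• Opcode Fuzzy Hash: 97c225b3eadc577d0c34c80feb66eb3183fd95056f348ddbf1aa6e60ed558321
• Instruction Fuzzy Hash: 65B1F230D2AF414DD72396398831336B65CAFBB6D5F91D71BFC2674D22EB2A86834244
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 02f16b90319b67970fc51ec9101149d2604cda4cabff776eb801b186a4f3c388
• Instruction ID: f769737ce7db779017596d745a7bd1b3b8841470c609c0c6e27c6e2db6c17f63
• Opcode Fuzzy Hash: 02f16b90319b67970fc51ec9101149d2604cda4cabff776eb801b186a4f3c388
• Instruction Fuzzy Hash: A06169B12087096ADA74BE288D95BFF239BDF53700F14095DE943DB382D611AE428F79
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    for name, region in dump_regions(recs).items():
        print(f"{region.base:#010x} {region.protect:<22} {region.mem_type:<10} {name}")
    print("executable:", executable_dumps(recs))
```

Feed it the whole report (or the "Download File" contents of the dumps' index) and the protection column immediately separates the 0x681000 code page from the header, .rdata-style and .data-style pages; the fuzzy-hash fields stay available on each record for clustering functions across samples.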
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a2651bcaa31dc81191a1a02c6ecf23d5d78077e01cd685ce81a51adf1d85b21
• Instruction ID: 5a19c0f5ce2885a6016e85153f1d1bc3d6b8bfd42835c0c2ef3516ec8a2135ee
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a2651bcaa31dc81191a1a02c6ecf23d5d78077e01cd685ce81a51adf1d85b21
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA618A3160870956DE387A288C65BFF6387EF43700F14095DE943CB381EA12AD438F59
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 830279280f579683dc4ed4b92db944699ff9567139d3e9de2b249405c4e9ebaa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1867b408c98bc5019cf303f4d2b3e2ab5dfa34fa8ac7edd60169aed855d4e91b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 830279280f579683dc4ed4b92db944699ff9567139d3e9de2b249405c4e9ebaa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9851916154FADDAFDB0A9F30CC56088FF74AE52A10708C7CFDC858A986C7709A0AC755
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00702B30
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00702B43
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00702B52
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00702B6D
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00702B74
                                                                                                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00702CA3
                                                                                                                                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00702CB1
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702CF8
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00702D04
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00702D40
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702D62
                                                                                                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702D75
                                                                                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702D80
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00702D89
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702D98
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00702DA1
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702DA8
                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00702DB3
                                                                                                                                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702DC5
                                                                                                                                                                                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0071FC38,00000000), ref: 00702DDB
                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00702DEB
                                                                                                                                                                                                                                                                                                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00702E11
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00702E30
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00702E52
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0070303F
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 693a99060e7d631bf9e129646e03174dd802c475d7157a3a91e162cc836ac9dd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d700bb582f98ec297b7f17134c7c28424d9500ab8f59f789ef3feeae9b01cbdf
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 693a99060e7d631bf9e129646e03174dd802c475d7157a3a91e162cc836ac9dd
• Instruction Fuzzy Hash: 42028071500205EFDB15DFA8CC89EAE7BB9FB49711F008258F915AB2E1D778AD01CB64
APIs
• SetTextColor.GDI32(?,00000000), ref: 0071712F
• GetSysColorBrush.USER32(0000000F), ref: 00717160
• GetSysColor.USER32(0000000F), ref: 0071716C
• SetBkColor.GDI32(?,000000FF), ref: 00717186
• SelectObject.GDI32(?,?), ref: 00717195
• InflateRect.USER32(?,000000FF,000000FF), ref: 007171C0
• GetSysColor.USER32(00000010), ref: 007171C8
• CreateSolidBrush.GDI32(00000000), ref: 007171CF
• FrameRect.USER32(?,?,00000000), ref: 007171DE
• DeleteObject.GDI32(00000000), ref: 007171E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00717230
• FillRect.USER32(?,?,?), ref: 00717262
• GetWindowLongW.USER32(?,000000F0), ref: 00717284
  • Part of subcall function 007173E8: GetSysColor.USER32(00000012), ref: 00717421
  • Part of subcall function 007173E8: SetTextColor.GDI32(?,?), ref: 00717425
  • Part of subcall function 007173E8: GetSysColorBrush.USER32(0000000F), ref: 0071743B
  • Part of subcall function 007173E8: GetSysColor.USER32(0000000F), ref: 00717446
  • Part of subcall function 007173E8: GetSysColor.USER32(00000011), ref: 00717463
  • Part of subcall function 007173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00717471
  • Part of subcall function 007173E8: SelectObject.GDI32(?,00000000), ref: 00717482
  • Part of subcall function 007173E8: SetBkColor.GDI32(?,00000000), ref: 0071748B
  • Part of subcall function 007173E8: SelectObject.GDI32(?,?), ref: 00717498
  • Part of subcall function 007173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 007174B7
  • Part of subcall function 007173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007174CE
  • Part of subcall function 007173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 007174DB
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: fe2f6c6d5600b98d05c74c8b31dc6365c2d5b6be8341fbafebbfbfe433776528
• Instruction ID: 97059767a5f84548e1d3ca4a31c0fb4b6adaa56577735911a55050bc4bddcdf2
• Opcode Fuzzy Hash: fe2f6c6d5600b98d05c74c8b31dc6365c2d5b6be8341fbafebbfbfe433776528
• Instruction Fuzzy Hash: 0BA1C372048301FFD7059FA8DC48A9B7BB9FB88320F208A19F962961E0D778E940DB55
APIs
• DestroyWindow.USER32(00000000), ref: 0070273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0070286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007028A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007028B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00702900
• GetClientRect.USER32(00000000,?), ref: 0070290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00702955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00702964
• GetStockObject.GDI32(00000011), ref: 00702974
• SelectObject.GDI32(00000000,00000000), ref: 00702978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00702988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00702991
• DeleteDC.GDI32(00000000), ref: 0070299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007029C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 007029DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00702A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00702A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00702A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00702A77
• GetStockObject.GDI32(00000011), ref: 00702A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00702A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00702A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: d0e87ec5876af23a57047db59a231ee6e40d6db4193934da7fe2b0349af325ad
• Instruction ID: b35241f62702673df39f889cb6db79371675dab69fe9eb4d811047d5446a3cee
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0e87ec5876af23a57047db59a231ee6e40d6db4193934da7fe2b0349af325ad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68B15FB1A40215AFEB14DFA8CC49FAE7BA9EB05711F108214FA15E72D1D778ED40CB68
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 006F4AED
                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,0071CB68,?,\\.\,0071CC08), ref: 006F4BCA
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,0071CB68,?,\\.\,0071CC08), ref: 006F4D36
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d395888698b3a919e1029782887522dc1802bc0fe484cc8a7826941e753bb2e8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 131e9f5384cd740ec611587189a76b13a0e2ac8115a5d1e1b7afaa9c9925595b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d395888698b3a919e1029782887522dc1802bc0fe484cc8a7826941e753bb2e8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4461E5B074220DDBCF04DF24C9819BA77A3AF45710B249019F906ABB91DF39ED42DB66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00717421
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00717425
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0071743B
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00717446
                                                                                                                                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 0071744B
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00717463
                                                                                                                                                                                                                                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00717471
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00717482
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0071748B
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00717498
                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 007174B7
                                                                                                                                                                                                                                                                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007174CE
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 007174DB
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0071752A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00717554
                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00717572
                                                                                                                                                                                                                                                                                                                                                                                • DrawFocusRect.USER32(?,?), ref: 0071757D
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 0071758E
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00717596
                                                                                                                                                                                                                                                                                                                                                                                • DrawTextW.USER32(?,007170F5,000000FF,?,00000000), ref: 007175A8
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 007175BF
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 007175CA
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 007175D0
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 007175D5
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 007175DB
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 007175E5
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e39e38b15b490371a0dc9ddba9a29ead30277ca3a0deba74b9840c83ee600268
• Instruction ID: 1f4f26275498c1e74f10ad4b937a1e3719b82297e3a916dcc38842629cec90c7
• Opcode Fuzzy Hash: e39e38b15b490371a0dc9ddba9a29ead30277ca3a0deba74b9840c83ee600268
• Instruction Fuzzy Hash: A5617D72940218BFDF059FA8DC49EEE7FB9EB08320F218115F911AB2E1D7789940DB94
APIs
• GetCursorPos.USER32(?), ref: 00711128
• GetDesktopWindow.USER32 ref: 0071113D
• GetWindowRect.USER32(00000000), ref: 00711144
• GetWindowLongW.USER32(?,000000F0), ref: 00711199
• DestroyWindow.USER32(?), ref: 007111B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007111ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0071120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0071121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00711232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00711245
• IsWindowVisible.USER32(00000000), ref: 007112A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007112BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007112D0
• GetWindowRect.USER32(00000000,?), ref: 007112E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0071130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00711328
• CopyRect.USER32(?,?), ref: 0071133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 007113AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 07d2a9e46fc901ec8bf249a8048957163f89487872a9e2415789171c2724bc7e
• Instruction ID: 32f3312c018ffc8f9025d073db5578b5e14d63215b4a656cea22fb83a1582578
• Opcode Fuzzy Hash: 07d2a9e46fc901ec8bf249a8048957163f89487872a9e2415789171c2724bc7e
• Instruction Fuzzy Hash: 6DB1AF71604340AFD750DF68C885BAABBE5FF88750F40891CFA999B2A1C735D844CB96
APIs
• CharUpperBuffW.USER32(?,?), ref: 007102E5
• _wcslen.LIBCMT ref: 0071031F
• _wcslen.LIBCMT ref: 00710389
• _wcslen.LIBCMT ref: 007103F1
• _wcslen.LIBCMT ref: 00710475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007104C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00710504
  • Part of subcall function 0069F9F2: _wcslen.LIBCMT ref: 0069F9FD
  • Part of subcall function 006E223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006E2258
  • Part of subcall function 006E223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006E228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: d8331afb9ab3c66a918d6c90d84c3f5ea8db73b1d7cf7083f7e291f7ea5e06dd
• Instruction ID: 51e350d7941412a01448bb0465a6586961e642cca1703c5a6fd9bdd0991cb54f
• Opcode Fuzzy Hash: d8331afb9ab3c66a918d6c90d84c3f5ea8db73b1d7cf7083f7e291f7ea5e06dd
• Instruction Fuzzy Hash: BCE1D2312083418FC754EF28C49186AB7E6BFC8714B144A6CF8969B2E1DB78EDC5CB91
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00698968
• GetSystemMetrics.USER32(00000007), ref: 00698970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0069899B
• GetSystemMetrics.USER32(00000008), ref: 006989A3
• GetSystemMetrics.USER32(00000004), ref: 006989C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006989E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006989F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00698A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00698A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00698A5A
• GetStockObject.GDI32(00000011), ref: 00698A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00698A81
  • Part of subcall function 0069912D: GetCursorPos.USER32(?), ref: 00699141
  • Part of subcall function 0069912D: ScreenToClient.USER32(00000000,?), ref: 0069915E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: GetAsyncKeyState.USER32(00000001), ref: 00699183
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: GetAsyncKeyState.USER32(00000002), ref: 0069919D
                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,006990FC), ref: 00698AA8
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 71032331969af86d81810c44729b7d48e27e4e9201750579bb22711d879f3a8c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 36e787a03934ebabeb495d26cc26a40c82d989a2d7caba89174854e8690450ca
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71032331969af86d81810c44729b7d48e27e4e9201750579bb22711d879f3a8c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34B14C71A402099FDF14DFA8CC45BEE3BB6FB48315F11812AFA15AB290DB78A841CB55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006E1114
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1120
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E112F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1136
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006E114D
                                                                                                                                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006E0DF5
                                                                                                                                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006E0E29
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 006E0E40
                                                                                                                                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 006E0E7A
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006E0E96
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 006E0EAD
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 006E0EB5
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 006E0EBC
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 006E0EDD
                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 006E0EE4
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006E0F13
                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006E0F35
                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006E0F47
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0F6E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0F75
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0F7E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0F85
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E0F8E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0F95
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 006E0FA1
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E0FA8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: GetProcessHeap.KERNEL32(00000008,006E0BB1,?,00000000,?,006E0BB1,?), ref: 006E11A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006E0BB1,?), ref: 006E11A8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006E0BB1,?), ref: 006E11B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
• API String ID: 4175595110-0
• Opcode ID: f098058f3a49036c35e8267ad4725c56b19633d7f9b3fac33724f0dba5fb259f
• Instruction ID: 77caf1a1c1496734aeeb0442717b76b7e86aec90b52478c0b20621441e8766d3
• Opcode Fuzzy Hash: f098058f3a49036c35e8267ad4725c56b19633d7f9b3fac33724f0dba5fb259f
• Instruction Fuzzy Hash: 7771AC7290134AABEF209FA5DC45BEEBBB9BF08300F048114F918A6290D7749E55CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0071CC08,00000000,?,00000000,?,?), ref: 0070C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0070C5A4
• _wcslen.LIBCMT ref: 0070C5F4
• _wcslen.LIBCMT ref: 0070C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0070C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0070C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0070C84D
• RegCloseKey.ADVAPI32(?), ref: 0070C881
• RegCloseKey.ADVAPI32(00000000), ref: 0070C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0070C960
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 36b9ee64cb95cf6c09356bcbc98e6328a52197e092b557e43522d7c546d3e454
• Instruction ID: 137e332650b452d70dc0b41025ba71b25f3de8291e20c21df2501994b8a5e1eb
• Opcode Fuzzy Hash: 36b9ee64cb95cf6c09356bcbc98e6328a52197e092b557e43522d7c546d3e454
• Instruction Fuzzy Hash: B1127935204201DFD715EF14C881A2AB7E6FF88714F148A9CF95A9B3A2DB35EC41CB99
APIs
• CharUpperBuffW.USER32(?,?), ref: 007109C6
• _wcslen.LIBCMT ref: 00710A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00710A54
• _wcslen.LIBCMT ref: 00710A8A
• _wcslen.LIBCMT ref: 00710B06
• _wcslen.LIBCMT ref: 00710B81
  • Part of subcall function 0069F9F2: _wcslen.LIBCMT ref: 0069F9FD
  • Part of subcall function 006E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006E2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 60427419f43ef3990ec631ccc6ff57ae8faec160f26c9028fd36cc9b402ee90b
• Instruction ID: f30e8d1dc077268841882c15ac424bbd3d6a4e27a922e8a3b5ae7718bcc0cd47
• Opcode Fuzzy Hash: 60427419f43ef3990ec631ccc6ff57ae8faec160f26c9028fd36cc9b402ee90b
• Instruction Fuzzy Hash: 78E1BE712083418FC754EF28C4509AAB7E2FF98314B14895CF8969B7A2DB74ED85CBD1
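Added example (not part of this sandbox report and not code from the analysed sample): a small Python decoder for API-call lines in the format used in the two function blocks above. It reads the fourth argument of RegSetValueExW as dwType and the sixth as cbData, and the second and third arguments of SendMessageW as the message and wParam. The REG_* type codes and the tree-view constants (TV_FIRST = 0x1100, TVM_GETCOUNT = TV_FIRST+5, TVM_GETNEXTITEM = TV_FIRST+10, TVGN_CARET = 9) are the Windows SDK values. The listing embedded in the script is constructed from lines of the registry and tree-view blocks above; the capability labels remote_registry, registry_write and treeview_query are names chosen for this example.

```python
import re

# Constructed sample: API-call lines in Joe Sandbox's listing format,
# taken from the registry-write and tree-view function blocks above.
LISTING = """\
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0071CC08,00000000,?,00000000,?,?), ref: 0070C544
• _wcslen.LIBCMT ref: 0070C5F4
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0070C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0070C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0070C84D
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0070C960
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00710A54
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006E2BFA
"""

# One call per line: "<api>.<module>(<hex args or ?>), ref: <hex address>".
# The argument list is optional so CRT entries such as _wcslen.LIBCMT also parse.
CALL_RE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)",
    re.MULTILINE,
)

# Registry value type codes (dwType of RegSetValueExW), Windows SDK values.
REG_TYPES = {
    0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
    4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD",
}

# Tree-view control messages (commctrl.h): TV_FIRST = 0x1100.
TV_FIRST = 0x1100
TVM = {
    TV_FIRST + 0x02: "TVM_EXPAND",
    TV_FIRST + 0x05: "TVM_GETCOUNT",
    TV_FIRST + 0x0A: "TVM_GETNEXTITEM",
}
TVGN = {0x9: "TVGN_CARET"}  # wParam of TVM_GETNEXTITEM: the selected item


def parse_calls(text):
    """Return one dict per API-call line; '?' (unresolved) arguments become None."""
    calls = []
    for m in CALL_RE.finditer(text):
        raw = m.group("args")
        args = [] if not raw else [
            None if a in ("?", "") else int(a, 16) for a in raw.split(",")
        ]
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args,
            "ref": int(m.group("ref"), 16),
        })
    return calls


def describe(call):
    """Decode the security-relevant argument of a single call into a short label."""
    api, args = call["api"], call["args"]
    if api == "RegConnectRegistryW":
        return "RegConnectRegistryW: opens a predefined key on a local or remote machine"
    if api == "RegCreateKeyExW":
        return "RegCreateKeyExW: creates or opens a subkey"
    if api == "RegSetValueExW":
        dw_type = args[3] if len(args) > 3 else None   # 4th argument: dwType
        cb_data = args[5] if len(args) > 5 else None   # 6th argument: cbData
        name = "unknown type" if dw_type is None else REG_TYPES.get(dw_type, f"type 0x{dw_type:X}")
        size = "" if cb_data is None else f" ({cb_data} bytes)"
        return f"RegSetValueExW: writes {name} value{size}"
    if api == "SendMessageW":
        msg = args[1] if len(args) > 1 else None       # 2nd argument: message
        wparam = args[2] if len(args) > 2 else None    # 3rd argument: wParam
        if msg in TVM:
            extra = f" ({TVGN[wparam]})" if TVM[msg] == "TVM_GETNEXTITEM" and wparam in TVGN else ""
            return f"SendMessageW: {TVM[msg]}{extra}"
        return "SendMessageW: unknown message" if msg is None else f"SendMessageW: message 0x{msg:04X}"
    return f"{api}: not decoded"


def summarize(text):
    return [describe(c) for c in parse_calls(text)]


def capabilities(calls):
    """Coarse capability tags for triage (label names chosen for this example)."""
    caps = set()
    for c in calls:
        if c["api"] == "RegConnectRegistryW":
            caps.add("remote_registry")
        elif c["api"] == "RegSetValueExW":
            caps.add("registry_write")
        elif c["api"] == "SendMessageW" and len(c["args"]) > 1 and c["args"][1] in TVM:
            caps.add("treeview_query")
    return caps


if __name__ == "__main__":
    for line in summarize(LISTING):
        print(line)
    print(sorted(capabilities(parse_calls(LISTING))))
```

What the decode shows: the registry routine above sets values with dwType 1, 7, 0xB and 3 (REG_SZ, REG_MULTI_SZ, REG_QWORD with cbData 8, REG_BINARY) from a single function whose strings name every registry type, i.e. a generic write-by-type-name helper, and it is reached through RegConnectRegistryW, so the same helper can target another machine's registry. In the tree-view routine, 0x1105 is TVM_GETCOUNT and 0x110A with wParam 9 is TVM_GETNEXTITEM/TVGN_CARET, which line up with the GETTOTALCOUNT and GETSELECTED command strings. Both string sets match the RegWrite and ControlTreeView command vocabulary of the AutoIt runtime, consistent with the report's AutoIt verdict; that is an inference from the strings, not something the listing states directly.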
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
APIs
• _wcslen.LIBCMT ref: 0071835A
• _wcslen.LIBCMT ref: 0071836E
• _wcslen.LIBCMT ref: 00718391
• _wcslen.LIBCMT ref: 007183B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007183F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00715BF2), ref: 0071844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00718487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007184CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00718501
• FreeLibrary.KERNEL32(?), ref: 0071850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0071851D
• DestroyIcon.USER32(?,?,?,?,?,00715BF2), ref: 0071852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00718549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00718555
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
Strings
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
APIs
• CharLowerBuffW.USER32(?,?), ref: 006F3EF8
• _wcslen.LIBCMT ref: 006F3F03
• _wcslen.LIBCMT ref: 006F3F5A
• _wcslen.LIBCMT ref: 006F3F98
• GetDriveTypeW.KERNEL32(?), ref: 006F3FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006F401E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006F4059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006F4087
Strings
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1a9980ccae5e2e6e6fb9b630e03a60ba11235f9f350999b5b8e0eff31eb405a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f3fc4c91f8336afee4e066d48d952be1e750fe2650158764acf67a17a5fb3470
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a9980ccae5e2e6e6fb9b630e03a60ba11235f9f350999b5b8e0eff31eb405a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE71BC716042169FC310EF24C8808BAB7E6EF95758F104A2DFA9597351EB30EE45CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadIconW.USER32(00000063), ref: 006E5A2E
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006E5A40
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 006E5A57
                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 006E5A6C
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 006E5A72
                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 006E5A82
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 006E5A88
                                                                                                                                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006E5AA9
                                                                                                                                                                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006E5AC3
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 006E5ACC
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006E5B33
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 006E5B6F
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 006E5B75
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 006E5B7C
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 006E5BD3
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 006E5BE0
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 006E5C05
                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006E5C2F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c55d76bfb32eff34e1bb51b1b19d85f1c97964eedfb636af5516d65f75a2a076
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: aab34ffe29cd7a3874d4571f885b07490a64d4fdf5198fd8f254ac7451ac5160
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c55d76bfb32eff34e1bb51b1b19d85f1c97964eedfb636af5516d65f75a2a076
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4718031900B45AFDB21DFA9CE95AAEBBF6FF48708F108518E143A36A0D774E944CB54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 006FFE27
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 006FFE32
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 006FFE3D
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 006FFE48
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 006FFE53
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 006FFE5E
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 006FFE69
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 006FFE74
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 006FFE7F
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 006FFE8A
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 006FFE95
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 006FFEA0
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 006FFEAB
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 006FFEB6
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 006FFEC1
                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 006FFECC
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorInfo.USER32(?), ref: 006FFEDC
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 006FFF1E
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3215588206-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[t
• API String ID: 176396367-3075924571
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006A00C6
  • Part of subcall function 006A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0075070C,00000FA0,1955A5AC,?,?,?,?,006C23B3,000000FF), ref: 006A011C
  • Part of subcall function 006A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006C23B3,000000FF), ref: 006A0127
  • Part of subcall function 006A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006C23B3,000000FF), ref: 006A0138
  • Part of subcall function 006A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 006A014E
  • Part of subcall function 006A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006A015C
  • Part of subcall function 006A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006A016A
  • Part of subcall function 006A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006A0195
  • Part of subcall function 006A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006A01A0
• ___scrt_fastfail.LIBCMT ref: 006A00E7
  • Part of subcall function 006A00A3: __onexit.LIBCMT ref: 006A00A9
Strings
• WakeAllConditionVariable, xrefs: 006A0162
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 006A0122
• InitializeConditionVariable, xrefs: 006A0148
• kernel32.dll, xrefs: 006A0133
• SleepConditionVariableCS, xrefs: 006A0154
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
APIs
• CharLowerBuffW.USER32(00000000,00000000,0071CC08), ref: 006F4527
• _wcslen.LIBCMT ref: 006F453B
• _wcslen.LIBCMT ref: 006F4599
• _wcslen.LIBCMT ref: 006F45F4
• _wcslen.LIBCMT ref: 006F463F
• _wcslen.LIBCMT ref: 006F46A7
  • Part of subcall function 0069F9F2: _wcslen.LIBCMT ref: 0069F9FD
• GetDriveTypeW.KERNEL32(?,00746BF0,00000061), ref: 006F4743
Strings
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2055661098-1000479233
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• DragQueryPoint.SHELL32(?,?), ref: 00719147
  • Part of subcall function 00717674: ClientToScreen.USER32(?,?), ref: 0071769A
  • Part of subcall function 00717674: GetWindowRect.USER32(?,?), ref: 00717710
  • Part of subcall function 00717674: PtInRect.USER32(?,?,00718B89), ref: 00717720
• SendMessageW.USER32(?,000000B0,?,?), ref: 007191B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007191BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007191DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00719225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0071923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00719255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00719277
• DragFinish.SHELL32(?), ref: 0071927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00719371
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#u
• API String ID: 221274066-1344711150
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,0071CC08), ref: 007040BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007040CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0071CC08), ref: 007040F2
• FreeLibrary.KERNEL32(00000000,?,0071CC08), ref: 0070413E
• StringFromGUID2.OLE32(?,?,00000028,?,0071CC08), ref: 007041A8
• SysFreeString.OLEAUT32(00000009), ref: 00704262
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007042C8
• SysFreeString.OLEAUT32(?), ref: 007042F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
• String ID: GetModuleHandleExW$kernel32.dll
• API String ID: 354098117-199464113
APIs
• GetMenuItemCount.USER32(00751990), ref: 006C2F8D
• GetMenuItemCount.USER32(00751990), ref: 006C303D
• GetCursorPos.USER32(?), ref: 006C3081
• SetForegroundWindow.USER32(00000000), ref: 006C308A
• TrackPopupMenuEx.USER32(00751990,00000000,?,00000000,00000000,00000000), ref: 006C309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006C30A9
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b523cab2b0ce5bb461766ee4b9e343269691c7e3f13052023e02788e298adbbf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2b22a935e90d0a633d46fefaae122527fdad303b380f0e30f4b1dc8799383a1e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b523cab2b0ce5bb461766ee4b9e343269691c7e3f13052023e02788e298adbbf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6711D71644216BEEB219F68CC59FEABF66FF05724F204219F9246A3D0C7B19D10C754
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00716DEB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00716E5F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00716E81
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00716E94
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00716EB5
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00680000,00000000), ref: 00716EE4
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00716EFD
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00716F16
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00716F1D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00716F35
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00716F4D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699944: GetWindowLongW.USER32(?,000000EB), ref: 00699952
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9b7fcefec5ce3a56c598735e956c11a02f1d01386397191addb4ad35d71754e8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3ab5f3a4bbbec7963892a7410bcf1f59145c4fe193d8ee6f759fea94069fcf3c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b7fcefec5ce3a56c598735e956c11a02f1d01386397191addb4ad35d71754e8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06717870244340AFDB21CF1CD844BAABBF9FB88304F44855DF999872A0C778E94ACB15
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006FC4B0
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006FC4C3
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006FC4D7
                                                                                                                                                                                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 006FC4F0
                                                                                                                                                                                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 006FC533
                                                                                                                                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 006FC549
                                                                                                                                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006FC554
                                                                                                                                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006FC584
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006FC5DC
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006FC5F0
                                                                                                                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 006FC5FB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00718592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185BA
• GlobalLock.KERNEL32(00000000), ref: 007185C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185D7
• GlobalUnlock.KERNEL32(00000000), ref: 007185E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007185F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0071FC38,?), ref: 00718611
• GlobalFree.KERNEL32(00000000), ref: 00718621
• GetObjectW.GDI32(?,00000018,?), ref: 00718641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00718671
• DeleteObject.GDI32(?), ref: 00718699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007186AF
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
APIs
• VariantInit.OLEAUT32(00000000), ref: 006F1502
• VariantCopy.OLEAUT32(?,?), ref: 006F150B
• VariantClear.OLEAUT32(?), ref: 006F1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006F15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 006F1657
• VariantInit.OLEAUT32(?), ref: 006F1708
• SysFreeString.OLEAUT32(?), ref: 006F178C
• VariantClear.OLEAUT32(?), ref: 006F17D8
• VariantClear.OLEAUT32(?), ref: 006F17E7
• VariantInit.OLEAUT32(00000000), ref: 006F1823
Strings
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
APIs
• Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• Part of subcall function 0070C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0070B6AE,?,?), ref: 0070C9B5
• Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070C9F1
• Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA68
• Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070B6F4
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0070B772
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 0070B80A
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0070B87E
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0070B89C
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0070B8F2
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0070B904
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0070B922
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 0070B983
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0070B994
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 748382b85ef6e82984ced9947255934e634355d1a52c09d88afb4bd35a4c57f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c63f17c624169e362c25981cb1416c8dbc8369afac9df018bfe0fd7d5a39c569
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 748382b85ef6e82984ced9947255934e634355d1a52c09d88afb4bd35a4c57f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EC15B70208201EFD714DF54C495F2ABBE5BF84318F14869CE59A8B2E2CB79E945CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 007025D8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007025E8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 007025F4
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00702601
                                                                                                                                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0070266D
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007026AC
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007026D0
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 007026D8
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 007026E1
                                                                                                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 007026E8
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 007026F3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6b09bc25b51e29fbbc9bdaf498a04528fe4c5b7f93fdced3c48304c40518b5b0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9d288fd9ed4ce336957f29e9848492186ec3078ce23d5a0952b78f946cf7e745
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b09bc25b51e29fbbc9bdaf498a04528fe4c5b7f93fdced3c48304c40518b5b0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9061F3B6D00219EFCF05CFE8C888AAEBBF6FF48310F208519E555A7250D775A9418F54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 006BDAA1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD659
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD66B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD67D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD68F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6A1
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6B3
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6C5
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6D7
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6E9
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD6FB
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD70D
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD71F
  • Part of subcall function 006BD63C: _free.LIBCMT ref: 006BD731
• _free.LIBCMT ref: 006BDA96
  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
• _free.LIBCMT ref: 006BDAB8
• _free.LIBCMT ref: 006BDACD
• _free.LIBCMT ref: 006BDAD8
• _free.LIBCMT ref: 006BDAFA
• _free.LIBCMT ref: 006BDB0D
• _free.LIBCMT ref: 006BDB1B
• _free.LIBCMT ref: 006BDB26
• _free.LIBCMT ref: 006BDB5E
• _free.LIBCMT ref: 006BDB65
• _free.LIBCMT ref: 006BDB82
• _free.LIBCMT ref: 006BDB9A
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 189e98e5426166aed59da98646c834dc9f3b740f2953abe78365b33da4452412
• Instruction ID: b4d081c51ab237daedf61d46a3666d10a77538c509db81790a9569d4ec90dd81
• Opcode Fuzzy Hash: 189e98e5426166aed59da98646c834dc9f3b740f2953abe78365b33da4452412
• Instruction Fuzzy Hash: C9314FF1644306AFDB61AA39D845BDAB7EAFF00710F15482DE449DB291EF31ACC08728
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 006E369C
• _wcslen.LIBCMT ref: 006E36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 006E3797
• GetClassNameW.USER32(?,?,00000400), ref: 006E380C
• GetDlgCtrlID.USER32(?), ref: 006E385D
• GetWindowRect.USER32(?,?), ref: 006E3882
• GetParent.USER32(?), ref: 006E38A0
• ScreenToClient.USER32(00000000), ref: 006E38A7
• GetClassNameW.USER32(?,?,00000100), ref: 006E3921
• GetWindowTextW.USER32(?,?,00000400), ref: 006E395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 05bb31bdd2e17f5dfcdc307c84c3be04e03306717f09ababcf44a9a967e52a41
• Instruction ID: 4d8e222a0730aea79d4ffee40b4f94c2ebdd69b4d5e859803849e042499a44c4
• Opcode Fuzzy Hash: 05bb31bdd2e17f5dfcdc307c84c3be04e03306717f09ababcf44a9a967e52a41
• Instruction Fuzzy Hash: A091D471201756AFD709DF65C889BEAF7AAFF44310F008519F999C3291EB30EA45CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 006E4994
• GetWindowTextW.USER32(?,?,00000400), ref: 006E49DA
• _wcslen.LIBCMT ref: 006E49EB
• CharUpperBuffW.USER32(?,00000000), ref: 006E49F7
• _wcsstr.LIBVCRUNTIME ref: 006E4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 006E4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 006E4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 006E4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 006E4B20
• GetWindowRect.USER32(?,?), ref: 006E4B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 153672bffc0320363cfdbf35bb333b019efb7a52282de80061998bb8cf951206
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 73d755e57a93b9f0ea79028339dbbb55d3a7e76724c498c9b0ead6b2f8b0e104
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 153672bffc0320363cfdbf35bb333b019efb7a52282de80061998bb8cf951206
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D91ED310063459FDB04DF26C985BAA77EAFF84310F048469FD859A296EF34ED45CBA1
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00718D5A
• GetFocus.USER32 ref: 00718D6A
• GetDlgCtrlID.USER32(00000000), ref: 00718D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00718E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00718ECF
• GetMenuItemCount.USER32(?), ref: 00718EEC
• GetMenuItemID.USER32(?,00000000), ref: 00718EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00718F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00718F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00718FA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 0cd402a055a8f249194c9302841e66b5604fb17f6e967d85e8452b6d3a0b38ce
• Instruction ID: f35266abc7e3f71d30c86178cb2b657ac8b8bb8ce5c3a6744e9729df139c2bce
• Opcode Fuzzy Hash: 0cd402a055a8f249194c9302841e66b5604fb17f6e967d85e8452b6d3a0b38ce
• Instruction Fuzzy Hash: 5581E071604301AFDB50CF28D884AEB7BEAFB88310F14491DF994972D1DB78D985CBA2
APIs
• GetMenuItemInfoW.USER32(00751990,000000FF,00000000,00000030), ref: 006EBFAC
• SetMenuItemInfoW.USER32(00751990,00000004,00000000,00000030), ref: 006EBFE1
• Sleep.KERNEL32(000001F4), ref: 006EBFF3
• GetMenuItemCount.USER32(?), ref: 006EC039
• GetMenuItemID.USER32(?,00000000), ref: 006EC056
• GetMenuItemID.USER32(?,-00000001), ref: 006EC082
• GetMenuItemID.USER32(?,?), ref: 006EC0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 006EC10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006EC124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006EC145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 8d0763039fd76e95136905ee589acf121f2b8a5fbcebdc138120c2c61b0b3fb5
• Instruction ID: d2600521d125a3c927d887cd987e4663b58e84614a1b04c221c19112fd57fb3e
• Opcode Fuzzy Hash: 8d0763039fd76e95136905ee589acf121f2b8a5fbcebdc138120c2c61b0b3fb5
• Instruction Fuzzy Hash: D06181B090138AAFDF11CFA9DC88AFE7BBAFB05354F104159E811A3291D775AD16CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 006EDC20
                                                                                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 006EDC46
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006EDC50
                                                                                                                                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 006EDCA0
                                                                                                                                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 006EDCBC
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7030ddcff1f445170ba8e2fa37099aeecfbeff9dbbb10002ba4f470df2cb9461
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 87aab27d450ce9b7225de5ea6ef5b6a9628a3a389f3e6bd99d8196529f4299df
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7030ddcff1f445170ba8e2fa37099aeecfbeff9dbbb10002ba4f470df2cb9461
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2441F0B2A403007ADB51B7759C07EFF77AEEF42750F20406DF900E6182EB759A018BA9
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0070CC64
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0070CC8D
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0070CD48
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0070CCAA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0070CCBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0070CCCF
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0070CD05
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0070CD28
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0070CCF3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 113dd7ad9e33faf09b13d81f2d75a1b39db7ee72f5f9b176d8cf1021e38b1d66
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6bad8da5343377c0bca3a4272b995d345faf5fecc19f38b753489981b67a9d59
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 113dd7ad9e33faf09b13d81f2d75a1b39db7ee72f5f9b176d8cf1021e38b1d66
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 793182B1A41118FBD7228B94DC88EFFBBBCEF05740F008265E905E6180D7789E45EAB0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006F3D40
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006F3D6D
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 006F3D9D
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006F3DBE
                                                                                                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 006F3DCE
                                                                                                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006F3E55
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 006F3E60
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 006F3E6B
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
APIs
• timeGetTime.WINMM ref: 006EE6B4
  • Part of subcall function 0069E551: timeGetTime.WINMM(?,?,006EE6D4), ref: 0069E555
• Sleep.KERNEL32(0000000A), ref: 006EE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 006EE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006EE727
• SetActiveWindow.USER32 ref: 006EE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006EE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 006EE773
• Sleep.KERNEL32(000000FA), ref: 006EE77E
• IsWindow.USER32 ref: 006EE78A
• EndDialog.USER32(00000000), ref: 006EE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 006EEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 006EEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006EEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 006EEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 006EEAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
APIs
• GetDlgItem.USER32(?,00000001), ref: 006E5CE2
• GetWindowRect.USER32(00000000,?), ref: 006E5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 006E5D59
• GetDlgItem.USER32(?,00000002), ref: 006E5D69
• GetWindowRect.USER32(00000000,?), ref: 006E5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 006E5DCF
• GetDlgItem.USER32(?,000003E9), ref: 006E5DDD
• GetWindowRect.USER32(00000000,?), ref: 006E5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 006E5E31
• GetDlgItem.USER32(?,000003EA), ref: 006E5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 006E5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 006E5E67
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 153a6cda4696a52f86cfac0efff75591b38dee82ceb053288a46318516967972
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6479625c883f9dd73131dc964f18ad03b323d298ae9469f714cea27beff11dec
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 153a6cda4696a52f86cfac0efff75591b38dee82ceb053288a46318516967972
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87511C70A40705AFDB18CFA9CD89AEEBBB6EF48304F148129F516E7290D7749E04CB54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00698F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00698BE8,?,00000000,?,?,?,?,00698BBA,00000000,?), ref: 00698FC5
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00698C81
                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00698BBA,00000000,?), ref: 00698D1B
                                                                                                                                                                                                                                                                                                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 006D6973
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00698BBA,00000000,?), ref: 006D69A1
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00698BBA,00000000,?), ref: 006D69B8
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00698BBA,00000000), ref: 006D69D4
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 006D69E6
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ed7d06da644a2a756ede15740a6a4ad9728439c479ff975496b47f7fc031baf0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bbc4e3b8307adc7e1aba7354b3eb6e0a36190b1a1bedd0dc3968bff3b7f2d888
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed7d06da644a2a756ede15740a6a4ad9728439c479ff975496b47f7fc031baf0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B618C30902700DFCF229F18C958BA577F6FB46313F54851DE0429BAA0CBB9AD81CB98
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699944: GetWindowLongW.USER32(?,000000EB), ref: 00699952
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00699862
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f40bc438ae694edbd005979aeeb86e7ac140db2cd48e7bdf9f5d35e9d1e41dad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 75a53239defc0e6f1eb33fd17eab8e4654b647148b52e46ebb9c31994821c27f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f40bc438ae694edbd005979aeeb86e7ac140db2cd48e7bdf9f5d35e9d1e41dad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D41B271544644AFDF215F7C9C84BF937AAAB06331F148A0DF9A28B2E1E7359C42DB21
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID: .j
• API String ID: 0-79812232
• Opcode ID: 92fed38e60f7fc8e40dc6a3f6418ab9c80d1336de36e2dc0bb830a555674e170
• Instruction ID: fdaae63552974621a54b48df28723737f4fcaabb6e340680c8f22a4e5f52c4d3
• Opcode Fuzzy Hash: 92fed38e60f7fc8e40dc6a3f6418ab9c80d1336de36e2dc0bb830a555674e170
• Instruction Fuzzy Hash: A9C1E2B4904349AFCB51EFE8D841BEDBBB6AF0A310F14409DE914A7392C7749982CB75
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,006CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 006E9717
• LoadStringW.USER32(00000000,?,006CF7F8,00000001), ref: 006E9720
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,006CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 006E9742
• LoadStringW.USER32(00000000,?,006CF7F8,00000001), ref: 006E9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 006E9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 77437300a2599d29b4ce9c6ce084635ce9458056529eabe20da8e3822f8772d7
• Instruction ID: 2d46a5ac31a7a0e4467ab7db9cfef3d9d951db1636028b9c47a81161120bac45
• Opcode Fuzzy Hash: 77437300a2599d29b4ce9c6ce084635ce9458056529eabe20da8e3822f8772d7
• Instruction Fuzzy Hash: A2414BB2800259ABCF44FBE0CD86DEEB37AAF15740F144529F60172192EB296F49CB75
APIs
  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006E07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006E07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006E07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 006E0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 006E082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006E0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006E083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: c50988380452c5a8e34d2d17ac0989505ec5b9f7da6a10e6be360c23c77fcceb
• Instruction ID: 679e855fe1474311f401aff93d7307e718124122ec16289095fd7c3a6b401d35
• Opcode Fuzzy Hash: c50988380452c5a8e34d2d17ac0989505ec5b9f7da6a10e6be360c23c77fcceb
• Instruction Fuzzy Hash: F9410B72C10229ABDF15EB94DC95CEDB779FF04750B044229E901A32A1EB749E44CBA4
APIs
• VariantInit.OLEAUT32(?), ref: 00703C5C
• CoInitialize.OLE32(00000000), ref: 00703C8A
• CoUninitialize.OLE32 ref: 00703C94
• _wcslen.LIBCMT ref: 00703D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00703DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00703ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00703F0E
• CoGetObject.OLE32(?,00000000,0071FB98,?), ref: 00703F2D
• SetErrorMode.KERNEL32(00000000), ref: 00703F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00703FC4
• VariantClear.OLEAUT32(?), ref: 00703FD8
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6717f970bc8731a62120c29de4a241a302affa77a2414072df8145ad16f775cc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: efe67d96b499b9bd2959eb2af43f8a84ed799b38b8c8b5e7f2eee7c3fd6f232d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6717f970bc8731a62120c29de4a241a302affa77a2414072df8145ad16f775cc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75C133B1608205DFD700DF68C88492BBBE9FF89744F044A1DF98A9B290D734EE45CB62
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 006F7AF3
                                                                                                                                                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006F7B8F
                                                                                                                                                                                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 006F7BA3
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0071FD08,00000000,00000001,00746E6C,?), ref: 006F7BEF
                                                                                                                                                                                                                                                                                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006F7C74
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 006F7CCC
                                                                                                                                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 006F7D57
                                                                                                                                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006F7D7A
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 006F7D81
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 006F7DD6
                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 006F7DDC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: da28b1f8298ae79145215ac66374ee00665064be0d2495209228ab66c5cac9b2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4c5a2893e41e7902bf3d49e2a026cdb2f615c262d0eef165525160a7acb3ba90
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da28b1f8298ae79145215ac66374ee00665064be0d2495209228ab66c5cac9b2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47C12B75A04109AFCB14DFA8C884DAEBBFAFF49304B148599E919DB361D730EE41CB94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00715504
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00715515
                                                                                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000158), ref: 00715544
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00715585
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0071559B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007155AC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7c1ed8a4a01e675b155b904b59f32d0c2a9f22979df56863de12859fe2bf449e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7056bdfe70688865d2049791920a38754a6fd929ed42835aa8baf536037c36ab
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c1ed8a4a01e675b155b904b59f32d0c2a9f22979df56863de12859fe2bf449e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D618070900608EFDF159F98CC85EFE7BB9EB89721F108145F925AA2D0D7789AC0DB61
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 006DFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 006DFB08
• VariantInit.OLEAUT32(?), ref: 006DFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 006DFB3A
• VariantCopy.OLEAUT32(?,?), ref: 006DFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 006DFBA1
• VariantClear.OLEAUT32(?), ref: 006DFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 006DFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006DFBCC
• VariantClear.OLEAUT32(?), ref: 006DFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006DFBE9
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 5a3b3e2248dce778c4bccbf0f4fa2f3cb05b8a835f788b8ef3dcbd968df1c8f2
• Instruction ID: ad114f0346a15277e05021a5338ff0971257d971bc82b0ff03f3d9747fd0a820
• Opcode Fuzzy Hash: 5a3b3e2248dce778c4bccbf0f4fa2f3cb05b8a835f788b8ef3dcbd968df1c8f2
• Instruction Fuzzy Hash: 3D415135E04219DFDB01DFA8D8549EDBFBAEF48354F00C06AE946A7361CB34A945CBA4
APIs
• GetKeyboardState.USER32(?), ref: 006E9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 006E9D22
• GetKeyState.USER32(000000A0), ref: 006E9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 006E9D57
• GetKeyState.USER32(000000A1), ref: 006E9D6C
• GetAsyncKeyState.USER32(00000011), ref: 006E9D84
• GetKeyState.USER32(00000011), ref: 006E9D96
• GetAsyncKeyState.USER32(00000012), ref: 006E9DAE
• GetKeyState.USER32(00000012), ref: 006E9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 006E9DD8
• GetKeyState.USER32(0000005B), ref: 006E9DEA
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: e32f3ed1f275f297a25a4543991d746bd856b106fc51b431b7f66a861bdad172
• Instruction ID: ceb727f88c79da2f6d8dd30e99acd4823eac869284361aeec15e8de2a3695cc1
• Opcode Fuzzy Hash: e32f3ed1f275f297a25a4543991d746bd856b106fc51b431b7f66a861bdad172
• Instruction Fuzzy Hash: 4B410930505BC96DFF3197A688043F5BEE26F11304F14805ACAC65A3C2EBA499D8CBB2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 007005BC
• inet_addr.WSOCK32(?), ref: 0070061C
• gethostbyname.WSOCK32(?), ref: 00700628
• IcmpCreateFile.IPHLPAPI ref: 00700636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007006C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007006E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 007007B9
• WSACleanup.WSOCK32 ref: 007007BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 56681317462b141219c89edaff54e813ee462b878388c2ed59104fbd81c0545a
• Instruction ID: 065027494c906eb0626f8ce12c220ab45630fe47d357c212217c2a8b2664c641
• Opcode Fuzzy Hash: 56681317462b141219c89edaff54e813ee462b878388c2ed59104fbd81c0545a
• Instruction Fuzzy Hash: AB918E75604201EFD720DF19C888F1ABBE1AF45328F1486A9E4698B6E2C778ED45CFD1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2c5911f610d0bb5537499cbb8d6f5cf4888e4a78acfa4f5e8d802a351e1d4347
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 689fedd68541416c6f8c3319b3c3a8c9b481f014c28594ba0ef118dd0263fa8c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c5911f610d0bb5537499cbb8d6f5cf4888e4a78acfa4f5e8d802a351e1d4347
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16519F31A00516DBCF54EF68C9409BEB7E6AF65720B254329E8A6E73C4DB38DD40C791
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 00703774
                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 0070377F
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0071FB78,?), ref: 007037D9
                                                                                                                                                                                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 0070384C
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 007038E4
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00703936
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4552b35777a18899d7fd7943f452d0100ea66ee65be2bbeeea14c0b07c7f27db
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2a2dfd004c83f12a073c77c09559085ef2c433bb0838940d5b274da9e9600d5a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4552b35777a18899d7fd7943f452d0100ea66ee65be2bbeeea14c0b07c7f27db
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E361A070608301EFD311DF54C889B6AB7E9AF49714F104A4DF5859B2D1C778EE48CBA6
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: GetCursorPos.USER32(?), ref: 00699141
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: ScreenToClient.USER32(00000000,?), ref: 0069915E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: GetAsyncKeyState.USER32(00000001), ref: 00699183
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069912D: GetAsyncKeyState.USER32(00000002), ref: 0069919D
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00718B6B
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00718B71
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 00718B77
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00718C12
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00718C25
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00718CFF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#u
• API String ID: 1924731296-1558751646
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006F33CF
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006F33F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
APIs
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006F53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006F5416
• GetLastError.KERNEL32 ref: 006F5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 006F54A7
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
APIs
• CreateMenu.USER32 ref: 00713C79
• SetMenu.USER32(?,00000000), ref: 00713C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00713D10
• IsMenu.USER32(?), ref: 00713D24
• CreatePopupMenu.USER32 ref: 00713D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00713D5B
• DrawMenuBar.USER32 ref: 00713D63
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 36ba2d23c46afe545ba4696cbd2fb17ce712030892b58b39ae2f4b72123b53d4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 419279cf0b53dfb46fccc8e0d9e1300afd811193d8851337c2add375a4bb2e4f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36ba2d23c46afe545ba4696cbd2fb17ce712030892b58b39ae2f4b72123b53d4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6418D74A01209EFDB14CFA8E844BDA77B6FF49305F144028F946973A0D778AA10CF94
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 006E1F64
• GetDlgCtrlID.USER32 ref: 006E1F6F
• GetParent.USER32 ref: 006E1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 006E1F8E
• GetDlgCtrlID.USER32(?), ref: 006E1F97
• GetParent.USER32(?), ref: 006E1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 006E1FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 5d525889c1c57dc252543e0df506f5b41e7253982685c9b92fff9009712bc4b3
• Instruction ID: 72afdd7758ca9d3817d3a80a7fbb22a480f7271e478eb1434695c70d11420cdc
• Opcode Fuzzy Hash: 5d525889c1c57dc252543e0df506f5b41e7253982685c9b92fff9009712bc4b3
• Instruction Fuzzy Hash: CB21C2B0941214BFCF05AFA5CC85DFEBBBAEF06310B108159F961672D1DB395904DBA4
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00713A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00713AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00713AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00713AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00713B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00713BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00713BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00713BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00713BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00713C13
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: a5338c668641ebe0f31847087a5d4a9369eaa86ac103fa778220bef293a109d9
• Instruction ID: 32b94696673514f47185a1be7773fdc0e468a1f02d0748d87a57abaa25deb48c
• Opcode Fuzzy Hash: a5338c668641ebe0f31847087a5d4a9369eaa86ac103fa778220bef293a109d9
• Instruction Fuzzy Hash: 5A617F75900248AFDB20DFA8CC81EEE77F8EB09710F104199FA15A72D1D778AE85DB54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2C94
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CA0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CAB
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CB6
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CC1
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CCC
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CD7
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CE2
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CED
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2CFB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c0a5a7cba714c77a2578586b94a66dd0e5e206f4afd79bf1200b6c392a9373f5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 22f2e27aa5342cfd686466da645ca90c4b76c19f44a6f04e625cf5ab42cfd973
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0a5a7cba714c77a2578586b94a66dd0e5e206f4afd79bf1200b6c392a9373f5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD11A7B6100109BFCB42FF55D852CDD3BA6FF05750F4148A9F9485F222DA31EE909B94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006F7FAD
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F7FC1
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 006F7FEB
                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 006F8005
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F8017
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 006F8060
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006F80B0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: da6d1e2ce800ea304aa8ad3c1649fe5ce349caeff460060d21f87b034dcb5fba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 56e3f93b14f094091ebbaa3ce00d15413ca3c97207d0dc87d4fa840da4bbe006
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da6d1e2ce800ea304aa8ad3c1649fe5ce349caeff460060d21f87b034dcb5fba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5081AE725082499FCB20EF14C844ABEB3EABF89314F54885EFA85D7250EB35DD498B52
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00685C7A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00685D0A: GetClientRect.USER32(?,?), ref: 00685D30
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00685D0A: GetWindowRect.USER32(?,?), ref: 00685D71
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00685D0A: ScreenToClient.USER32(?,?), ref: 00685D99
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32 ref: 006C46F5
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 006C4708
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 006C4716
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 006C472B
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 006C4733
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006C47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 8174eb8832ed66e9299d36aad8bbb2b82b5a5bca402bc9b45200fb0176d5aeb2
• Instruction ID: 5190376b8d048eb9ef53b4253fdb9bacc21aafc4b6f8ad954d0eb54cd5efe5f1
• Opcode Fuzzy Hash: 8174eb8832ed66e9299d36aad8bbb2b82b5a5bca402bc9b45200fb0176d5aeb2
• Instruction Fuzzy Hash: 1371AB31400205DFCF21DF64C994EFA3BB6FF4A325F14426DE9565A2A6CB319841DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006F35E4
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• LoadStringW.USER32(00752390,?,00000FFF,?), ref: 006F360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: deaef13f09726b825b6ffb51ac9372c6fd367ca6119fd389c2791553ea7d0ccb
• Instruction ID: 12dcf332f6124721b434f198ed149090dd6938909b10e2fdefb3a6c3686f14dd
• Opcode Fuzzy Hash: deaef13f09726b825b6ffb51ac9372c6fd367ca6119fd389c2791553ea7d0ccb
• Instruction Fuzzy Hash: 4A518EB1800259ABDF55FBA0CC42EFDBB36AF04301F044229F205722A1EB351B95CBA9
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006FC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006FC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006FC2CA
• GetLastError.KERNEL32 ref: 006FC322
• SetEvent.KERNEL32(?), ref: 006FC336
• InternetCloseHandle.WININET(00000000), ref: 006FC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 8c80f1e01bbe1887707dfd8e5c9a1c90a002d9c903cfe772c5d7cbbda2e1b38e
• Instruction ID: 2e86aea04efeadedef30859078dc4e543e0cd87010d8c89ab370550d6eb8d5ea
• Opcode Fuzzy Hash: 8c80f1e01bbe1887707dfd8e5c9a1c90a002d9c903cfe772c5d7cbbda2e1b38e
• Instruction Fuzzy Hash: 6831B3B250020CAFD7219FA88D84AFB7BFDEB45790F04851DF54692240DB34DD058B65
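The LoadStringW function record above resolves the format strings `"%s" (%d) : ==> %s:` and `Line %d (File "%s"):`, and the record that follows passes `Bad directive syntax error` and `>>>AUTOIT SCRIPT<<<` to MessageBoxW; these are runtime strings of the AutoIt interpreter stub and are what backs the "likely a compiled AutoIt script" verdict in the signature list. The scanner below is an added triage example written for this page, not part of the Joe Sandbox report or of any tool it references. It searches a byte blob for those strings in both ASCII and UTF-16LE (the sample uses the wide-character APIs, so the marker may be stored either way) and applies a simple two-indicator heuristic. The sample blobs are constructed for the example; the function and constant names are the example's own.

```python
from typing import Dict, List

# Strings copied from the API argument lists and String IDs in the report above.
# They belong to the AutoIt interpreter stub, so their presence supports but does
# not by itself prove that the binary is a compiled AutoIt script.
AUTOIT_MARKERS: List[str] = [
    ">>>AUTOIT SCRIPT<<<",
    "Bad directive syntax error",
    'Line %d (File "%s"):',
    '"%s" (%d) : ==> %s:',
]


def encodings_of(s: str) -> Dict[str, bytes]:
    """Return the ASCII and UTF-16LE byte forms of a marker.

    The sample calls LoadStringW / MessageBoxW, so resolved strings are wide;
    resources and hard-coded literals may still be narrow, hence both forms.
    """
    return {"ascii": s.encode("ascii"), "utf16le": s.encode("utf-16-le")}


def autoit_indicators(data: bytes) -> Dict[str, List[str]]:
    """Report which markers occur in `data` and in which encoding(s)."""
    hits: Dict[str, List[str]] = {}
    for marker in AUTOIT_MARKERS:
        found = [enc for enc, needle in encodings_of(marker).items() if needle in data]
        if found:
            hits[marker] = found
    return hits


def likely_autoit(data: bytes) -> bool:
    """Heuristic used here: the script marker plus at least one interpreter error string."""
    hits = autoit_indicators(data)
    return ">>>AUTOIT SCRIPT<<<" in hits and len(hits) >= 2


def scan_file(path: str) -> Dict[str, List[str]]:
    """Read a file from disk and run the indicator scan over its raw bytes."""
    with open(path, "rb") as fh:
        return autoit_indicators(fh.read())


# Constructed sample blobs (not the analysed file.exe): one carries the wide
# script marker and a narrow error-format string inside filler bytes, the other
# only looks like an ordinary PE header.
SAMPLE_BLOB = (
    b"\x00" * 16
    + ">>>AUTOIT SCRIPT<<<".encode("utf-16-le")
    + b"MZ" * 8
    + b'Line %d (File "%s"):'
    + b"\xff" * 8
)
BENIGN_BLOB = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." + b"\x00" * 32


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_file(target) if target else autoit_indicators(SAMPLE_BLOB)
    for marker, encs in hits.items():
        print(f"{marker!r}: {', '.join(encs)}")
    print("likely AutoIt:", likely_autoit(open(target, "rb").read() if target else SAMPLE_BLOB))
```

Run it against a dumped module (for example the `00680000` memory dump listed under Memory Dump Source) to confirm the markers independently of the sandbox verdict; a hit on the marker alone is weak, since any AutoIt-built program carries it, which is why the heuristic also requires one of the error-format strings.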
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,006C3AAF,?,?,Bad directive syntax error,0071CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006E98BC
• LoadStringW.USER32(00000000,?,006C3AAF,?), ref: 006E98C3
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 006E9987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 41224b143e87924af4db280336e5cdd4206dab88bbe5106aabad874a076acd78
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf9757e1e7bcbe503e497fc38a729cb04fa8ad3d21beb63b6a71658ab676e90b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41224b143e87924af4db280336e5cdd4206dab88bbe5106aabad874a076acd78
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE21B17184026ABBCF15AF90CC06EFE773AFF19700F084419F515620A2EB359618CB25
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 006E20AB
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 006E20C0
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006E214D
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4c2fb12fc531d6116ce76f2d3b33233304aa41fb8f54711737d793196ac11029
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c2bd9554991844d7b0e08c8c89904786ca1295df271637ffbfa4d69ec5d20464
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c2fb12fc531d6116ce76f2d3b33233304aa41fb8f54711737d793196ac11029
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5115CB62C4707BAF6013226DC17DE6339FCB06324B20405AF704A50E2FFB55D025918
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9e1e4bc3403d2c13bb94bbeb6e4606c3799b4892fed0237b6a2e13b772e8f616
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fa9ce4879961b48ba025cedc147ee7223abde7a8f05c72e4c68597977fdbed3d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e1e4bc3403d2c13bb94bbeb6e4606c3799b4892fed0237b6a2e13b772e8f616
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F36149F1A04311AFDB21BFB49891AF97BEBEF05320F0441ADF9449B381E6359E818794
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00715186
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 007151C7
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 007151CD
                                                                                                                                                                                                                                                                                                                                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 007151D1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00716FBA: DeleteObject.GDI32(00000000), ref: 00716FE6
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0071520D
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0071521A
                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0071524D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00715287
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00715296
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 006D6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006D68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006D68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006D68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006D68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00698874,00000000,00000000,00000000,000000FF,00000000), ref: 006D6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 006D691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00698874,00000000,00000000,00000000,000000FF,00000000), ref: 006D692D
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006FC182
• GetLastError.KERNEL32 ref: 006FC195
• SetEvent.KERNEL32(?), ref: 006FC1A9
  • Part of subcall function 006FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006FC272
  • Part of subcall function 006FC253: GetLastError.KERNEL32 ref: 006FC322
  • Part of subcall function 006FC253: SetEvent.KERNEL32(?), ref: 006FC336
  • Part of subcall function 006FC253: InternetCloseHandle.WININET(00000000), ref: 006FC341
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
APIs
  • Part of subcall function 006E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006E3A57
  • Part of subcall function 006E3A3D: GetCurrentThreadId.KERNEL32 ref: 006E3A5E
  • Part of subcall function 006E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006E25B3), ref: 006E3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006E25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006E25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006E25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006E25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 006E2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 006E2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006E260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 006E2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 006E2627
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5a330496ba4e5859bd85f4a2f4f6b5a430ba43d2caab5f6fb56da75cd118740f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: eeebec3ebbd3cff4ae8ac31046181332c5b4d086b7abafac92d67eb3d3c713e2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a330496ba4e5859bd85f4a2f4f6b5a430ba43d2caab5f6fb56da75cd118740f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A01B5702D0364BBFB1067AD9C8EF993F5ADB4AB11F108015F318AF1D1C9E118449A6D
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,006E1449,?,?,00000000), ref: 006E180C
• HeapAlloc.KERNEL32(00000000,?,006E1449,?,?,00000000), ref: 006E1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006E1449,?,?,00000000), ref: 006E1828
• GetCurrentProcess.KERNEL32(?,00000000,?,006E1449,?,?,00000000), ref: 006E1830
• DuplicateHandle.KERNEL32(00000000,?,006E1449,?,?,00000000), ref: 006E1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006E1449,?,?,00000000), ref: 006E1843
• GetCurrentProcess.KERNEL32(006E1449,00000000,?,006E1449,?,?,00000000), ref: 006E184B
• DuplicateHandle.KERNEL32(00000000,?,006E1449,?,?,00000000), ref: 006E184E
• CreateThread.KERNEL32(00000000,00000000,006E1874,00000000,00000000,00000000), ref: 006E1868
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 73a450e1d061b82c562ba790d84c778dc924f67048dc5c2dc5eeb4f6cb36296d
• Instruction ID: eb4ac1a62cfb106eb7f3d2f3961a5808087e9143dab2113ca8fa7ddbab9b3f08
• Opcode Fuzzy Hash: 73a450e1d061b82c562ba790d84c778dc924f67048dc5c2dc5eeb4f6cb36296d
• Instruction Fuzzy Hash: BA01ACB52C0348BFE611ABA9DC4AF977B6DEB89B11F01C411FA05DB1D1C67498009B24
APIs
Strings
Similarity
• API ID: __alldvrm$_strrchr
• String ID: }}j$}}j$}}j
• API String ID: 1036877536-1157188393
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: 85fd20f6cc1b7e3360cc64f4c9befcbd5b2fd4e7470b3ba406d200aa43b90a4a
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: BBA126B1E002969FDB25DF18C8917FABBE6EF62350F14416DE5859B382CA3499C2C750
APIs
  • Part of subcall function 006ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 006ED501
  • Part of subcall function 006ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 006ED50F
  • Part of subcall function 006ED4DC: CloseHandle.KERNELBASE(00000000), ref: 006ED5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0070A16D
• GetLastError.KERNEL32 ref: 0070A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0070A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0070A268
• GetLastError.KERNEL32(00000000), ref: 0070A273
• CloseHandle.KERNEL32(00000000), ref: 0070A2C4
Strings
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6fca9bbb563c3ead6dd2fccc3f685576f05bc035c58205aa3c1f0fe6b7461403
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 842932f835933df43f98d2d92cb557de0d64ad809bf63c3fa0428ebbf97821a1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6fca9bbb563c3ead6dd2fccc3f685576f05bc035c58205aa3c1f0fe6b7461403
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E617971204342EFD720DF18C494F16BBE2AF94318F14859CE4668B6E2C77AEC45CB96
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00713925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0071393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00713954
• _wcslen.LIBCMT ref: 00713999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 007139C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 007139F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 32986818850defa41992bf5b77e8435f6b844ff662caf3cbcac36a91b7f8b544
• Instruction ID: b26c6ef1f90a723f1978b858ed959ed49110cb50a84b497ed5d1266409f37cfa
• Opcode Fuzzy Hash: 32986818850defa41992bf5b77e8435f6b844ff662caf3cbcac36a91b7f8b544
• Instruction Fuzzy Hash: 1B41B571A00218ABDF219F68CC45BEA77A9EF08354F10452AF958E72C1D7799D80CB94
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006EBCFD
• IsMenu.USER32(00000000), ref: 006EBD1D
• CreatePopupMenu.USER32 ref: 006EBD53
• GetMenuItemCount.USER32(01195ED0), ref: 006EBDA4
• InsertMenuItemW.USER32(01195ED0,?,00000001,00000030), ref: 006EBDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 77e17db8bc1bd91d4f462b4741b11cacb8ad7c9d2b564e2e53a4838a6d469423
• Instruction ID: c59cb7b2eb6e5c78cbf61c0112ff624a673b9b895efccbb4efc582b06565a558
• Opcode Fuzzy Hash: 77e17db8bc1bd91d4f462b4741b11cacb8ad7c9d2b564e2e53a4838a6d469423
• Instruction Fuzzy Hash: 77519E70A023899BDB11CFAADC84BEFBBF6AF45314F249119E4119B3D0D7709941CB65
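The function records above (an "APIs" call list, then a "Similarity" block with an API ID, a String ID and fuzzy hashes) repeat for every function Joe Sandbox disassembled, which makes them tedious to read by hand but easy to triage by script. The following helper is an added example, not Joe Sandbox code: it parses records in this format and flags the one combination here that matters for triage, the SeDebugPrivilege + CreateToolhelp32Snapshot/Process32First + TerminateProcess chain of the first record, while marking the SysListView32 record as GUI plumbing. The record boundaries, the CamelCase tokenisation of the "API ID" field and the two rules are heuristics of this script, not documented Joe Sandbox semantics; the sample text is copied from the records above, with the memory-dump boilerplate left out.

```python
"""Triage helper for Joe Sandbox per-function records (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the "APIs"/"Similarity" records from the report section above.
SAMPLE = """\
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00713925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0071393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00713954
• _wcslen.LIBCMT ref: 00713999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 007139C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 007139F4
Strings
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006EBCFD
• IsMenu.USER32(00000000), ref: 006EBD1D
• CreatePopupMenu.USER32 ref: 006EBD53
• GetMenuItemCount.USER32(01195ED0), ref: 006EBDA4
• InsertMenuItemW.USER32(01195ED0,?,00000001,00000030), ref: 006EBDCC
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
"""

HEADINGS = {"APIs", "Strings", "Similarity", "Memory Dump Source", "Joe Sandbox IDA Plugin"}
# "Name.MODULE(args), ref: addr" or "Name.MODULE ref: addr" (no argument list).
API_CALL = re.compile(r"^•\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
                      r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
FIELD = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")
# Heuristic: split the API ID into CamelCase words plus CRT-style "_names".
TOKEN = re.compile(r"[A-Z][a-z0-9]*|_+[a-z0-9_]+")


@dataclass
class Call:
    name: str
    module: str
    args: tuple
    ref: int


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

    @property
    def api_tokens(self) -> set:
        return set(TOKEN.findall(self.fields.get("API ID", "").replace("$", " ")))


def parse_entries(text: str) -> list:
    """Split report text into FunctionEntry records; an 'APIs' heading starts a record."""
    entries, current, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line in HEADINGS:
            if line == "APIs" or current is None:
                current = FunctionEntry()
                entries.append(current)
            section = line
            continue
        m = API_CALL.match(line)
        if section == "APIs" and m:
            args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
            current.calls.append(Call(m["name"], m["module"], args, int(m["ref"], 16)))
            continue
        f = FIELD.match(line)
        if f:  # strip the "Download File" widget text the HTML export glues onto values
            current.fields[f["key"]] = f["value"].replace("Download File", "").strip()
    return entries


def sends_listview_message(call: Call) -> bool:
    # LVM_* messages are LVM_FIRST (0x1000) + n; treat 0x1000-0x10FF as list-view traffic.
    if call.name != "SendMessageW" or len(call.args) < 2 or call.args[1] == "?":
        return False
    return 0x1000 <= int(call.args[1], 16) <= 0x10FF


RULES = {
    # Toolhelp32 snapshot + TerminateProcess with SeDebugPrivilege: enumerate and kill
    # other processes, including ones owned by other users.
    "kills_processes_with_debug_privilege": lambda e: (
        {"Toolhelp32", "Snapshot", "Terminate"} <= e.api_tokens
        and "SeDebugPrivilege" in e.fields.get("String ID", "")),
    "listview_gui_plumbing": lambda e: any(sends_listview_message(c) for c in e.calls),
}


def triage(text: str) -> list:
    """Return [(record index, API ID, [matched rule names]), ...]."""
    return [(i, e.fields.get("API ID", ""), [n for n, p in RULES.items() if p(e)])
            for i, e in enumerate(parse_entries(text))]


if __name__ == "__main__":
    for idx, api_id, hits in triage(SAMPLE):
        print(f"#{idx} {api_id}: {', '.join(hits) or '-'}")
```

Run it over a whole saved report rather than this excerpt to get a list of only the records that hit a rule; extending `RULES` with further token sets (for example the clipboard, keystroke or IsDebuggerPresent APIs the signature list at the top of the report mentions) is a one-line change per rule.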
APIs
• _ValidateLocalCookies.LIBCMT ref: 006A2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 006A2D53
• _ValidateLocalCookies.LIBCMT ref: 006A2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 006A2E0C
• _ValidateLocalCookies.LIBCMT ref: 006A2E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                                                • String ID: &Hj$csm
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1170836740-859257324
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b68652991fd6e809b80adc6d1e08b930b43d50b34068d63a873e464de7f52ac2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e8d8fb719dc76df8cdb04965485cab4117f08c9ea3c495db3673852cd1d68c8b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b68652991fd6e809b80adc6d1e08b930b43d50b34068d63a873e464de7f52ac2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57418F34A4021AABCF10FF6CC855ADEBBA6BF46324F148159E8156B392D735AE01CF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 006EC913
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 88081f7002276cece6a6be0e593f67884cb1e2e85124118af5bea8386678a170
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b622b7e7a39584345d29f951363f37bb7bd30850be57e1037fbbd3abe0c3bcc6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88081f7002276cece6a6be0e593f67884cb1e2e85124118af5bea8386678a170
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13113D3168A346BAE7016B5A9C83CEF279DDF16334B20002EF504A62C3EBB85D02566D
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4c06fcce61e5b0105b94782cdde8f509dc7f47dd64ef19c33d13a5051c7da2f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 965b9ce9ad7c66da27e8f417d77b54bf8636bb760633ea32d1a3ba74777ea31f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c06fcce61e5b0105b94782cdde8f509dc7f47dd64ef19c33d13a5051c7da2f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87113371900204AFCB20BBA5DC4AEEF37AEDF52310F0041A9F405AA0D1EFB58E818E64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0906a570e30a483cd8bcece0dc4f65e6e0a54054ab998658fbd60a084130cbb5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 89db0477bb8461322e585f94e60d551c64229f42b60bbdd48814d20b09484ba3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0906a570e30a483cd8bcece0dc4f65e6e0a54054ab998658fbd60a084130cbb5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59419E65C11258A5CB51BBF4CC8AACFB7AEAF46300F00846AE514E3121EB34E755C7E9
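Added example, not part of the Joe Sandbox report or of Joe Security's tooling: a small Python parser for the per-function records in this section (the "APIs" call lines, the "$"-separated String ID, and the Similarity fields), followed by a watchlist pass that picks out the functions a triager would open first. The SAMPLE text is constructed from the records on this page (Opcode/Instruction ID and repeated "Associated" lines dropped, the trailing ShowWindow record left cut off as the page leaves it); the WATCHLIST categories and the substring match on the API ID field are my assumptions, not a documented Joe Sandbox convention.

```python
"""Added example (not part of the Joe Sandbox report): parse its per-function
records and flag the ones whose imports matter for triage."""
import re
from dataclasses import dataclass, field

# Constructed sample: the records on this page, with the Opcode/Instruction ID and
# repeated "Associated" lines dropped, and the last (ShowWindow) record cut off
# where the page cuts it off.
SAMPLE = """\
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 006EC913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Instruction Fuzzy Hash: 13113D3168A346BAE7016B5A9C83CEF279DDF16334B20002EF504A62C3EBB85D02566D
APIs
Strings
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• Instruction Fuzzy Hash: 87113371900204AFCB20BBA5DC4AEEF37AEDF52310F0041A9F405AA0D1EFB58E818E64
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• Instruction Fuzzy Hash: 59419E65C11258A5CB51BBF4CC8AACFB7AEAF46300F00846AE514E3121EB34E755C7E9
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 0069F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 006DF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 006DF454
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
"""

CALL_RE = re.compile(r"^•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    api: str      # e.g. ShowWindow
    module: str   # e.g. USER32
    args: tuple   # raw argument tokens as the sandbox printed them ("?" = unknown)
    ref: str      # virtual address of the call site


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # Similarity / Memory Dump key-values

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")

    @property
    def strings(self) -> list:
        # String ID is "$"-joined; an empty field means the function references no strings.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

    @property
    def fuzzy_hash(self) -> str:
        return self.fields.get("Instruction Fuzzy Hash", "")


def parse_records(text: str) -> list:
    """One FunctionRecord per 'APIs' section; a truncated last record is kept as-is."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()          # the HTML export pads every line with spaces
        if not line:
            continue
        if line == "APIs":          # each function's block opens with its APIs list
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or line in HEADERS:
            continue
        m = CALL_RE.match(line)
        if m:
            current.calls.append(ApiCall(m["api"], m["module"],
                                         tuple(m["args"].split(",")), m["ref"]))
            continue
        m = FIELD_RE.match(line)    # "Key: value"; only the first colon splits
        if m:
            current.fields[m["key"].strip()] = m["value"].strip()
    return records


# Hypothetical watchlist (mine, not the sandbox's). The API ID appears to be built
# from the call names' word tokens, re-ordered (LoadIconW -> "IconLoad"), so it is
# only a fallback: lowercase CRT/Winsock names survive intact, Win32 names may not.
WATCHLIST = {
    "gethostbyname": "host/IP discovery",
    "inet_ntoa": "host/IP discovery",
    "IsDebuggerPresent": "anti-debug check",
    "ShowWindow": "window visibility control",
    "LoadIcon": "message-box UI",
}


def flag_records(records: list, watchlist: dict = WATCHLIST) -> list:
    """(index, instruction fuzzy hash, sorted reasons) for each record hitting the watchlist."""
    hits = []
    for idx, rec in enumerate(records):
        names = [c.api.lower() for c in rec.calls]
        reasons = set()
        for needle, why in watchlist.items():
            n = needle.lower()
            if any(n in name for name in names) or n in rec.api_id.lower():
                reasons.add(why)
        if reasons:
            hits.append((idx, rec.fuzzy_hash, sorted(reasons)))
    return hits
```

The fuzzy hash carried in each hit is what you would use to match the same function across reports of related samples; the per-record `ref` addresses are the call sites to jump to once the dump (`hcaresult_0_2_680000_file.jbxd`) is loaded in IDA.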
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 0069F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 006DF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 006DF454
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f2362eb76feae4cc873e9ed034c2d21bcf2fc59eca16e2f79c21df1c2757ffd8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f924fde9108cb349a69a7ff83c4846da06c340a9cbceec58e47b6038676ebd70
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2362eb76feae4cc873e9ed034c2d21bcf2fc59eca16e2f79c21df1c2757ffd8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32410931604680BECF399B2D88887EA7BDBAB56314F16843DF047D6FA1C675A881C791
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00712D1B
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00712D23
                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00712D2E
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00712D3A
                                                                                                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00712D76
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00712D87
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00715A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00712DC2
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00712DE1
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9756006a1026a1adee93d833315e5d1374af696d51c54ec1623686e8a4c83b13
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c4042458f8c1478bc8af3556d1673c2439962c5516d6815c14a8d36999233226
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9756006a1026a1adee93d833315e5d1374af696d51c54ec1623686e8a4c83b13
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4319C72241214BFEB158F58DC8AFEB3BA9EF09711F048055FE48AA2D1C6799C51CBA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b43bdfff7b27e2c0b1fff27ba5f461061f9ab15ddffac339783617b7216a8b49
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4dee3d2cd69b742673b528b229872ed9dfa309d1922c93bf6e6ebf3b2e637618
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b43bdfff7b27e2c0b1fff27ba5f461061f9ab15ddffac339783617b7216a8b49
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F213AA1642B4477DB14AE264DA2FFB335FAF12388F000024FD065E6D1FB24ED1185E8
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 1c57b9b27a7b11280dee8dc09100be4774a0506f809ab739a055c25e38b3f6e4
• Instruction ID: e315c0d9fb3bd7b6fb81d34377c7ebc4c47a894a814ddbccb3e455958ea65e32
• Opcode Fuzzy Hash: 1c57b9b27a7b11280dee8dc09100be4774a0506f809ab739a055c25e38b3f6e4
• Instruction Fuzzy Hash: 5AD18DB5A0060ADFDF10CFA8C881BAEB7F5BF48344F148269E915AB281E7749D45CF90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,006C17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 006C15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006C1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,006C17FB,?,006C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006C16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006C16FB
  • Part of subcall function 006B3820: RtlAllocateHeap.NTDLL(00000000,?,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6,?,00681129), ref: 006B3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,006C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006C1777
• __freea.LIBCMT ref: 006C17A2
• __freea.LIBCMT ref: 006C17AE
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: c3fdfdc6c891a95a6c111104c821b5229cfddb522a07ec14369fca0427763b6e
• Instruction ID: ba13b871ce5a50924c9ad1846016dfba527807f0fa903dbbe9ff5a519d456545
• Opcode Fuzzy Hash: c3fdfdc6c891a95a6c111104c821b5229cfddb522a07ec14369fca0427763b6e
• Instruction Fuzzy Hash: 849192B1E102169ADF219E64C851FFE7BB6DF4B310F58465DE801EB282D735DD418BA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 3332bd088543cd8cc660b216a901d9ae458dbbee55d065582891c89ba527bab6
• Instruction ID: d12bb68e725531f4cd5efd3ca738216f12543a798e1beeac831dba812e70544a
• Opcode Fuzzy Hash: 3332bd088543cd8cc660b216a901d9ae458dbbee55d065582891c89ba527bab6
• Instruction Fuzzy Hash: C59160B1A00219EBDF24CFA5CC44FAE7BF8EF46714F108659F615AB281D7789941CBA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006F125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006F1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006F12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F1430
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 8bdb325d9c479fbeec731ea1b234187835c67b8b9a662f2a090bada905886941
• Instruction ID: 7569ed1c265172941b00eece3a854d896fbe2c5aa8e7c1699cb6f948f0fb3862
• Opcode Fuzzy Hash: 8bdb325d9c479fbeec731ea1b234187835c67b8b9a662f2a090bada905886941
• Instruction Fuzzy Hash: FB91B071A00219DFDB01DFA8C885BFEB7B6FF46365F148029EA10EB291D774A941CB94
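Each record above pairs a function's API calls (name, module, arguments, reference address, and any subcall) with a Similarity block whose "API ID" condenses those call names into frequency-ordered word groups. The Python below is an added example for this page, not code from the Joe Sandbox report or its IDA plugin: it parses the two API-bearing records above into a structured form, orders the direct calls by address, and derives a word-count fingerprint that reproduces their "API ID" strings. The CamelCase splitting rule and the filler-word list (Get, To, CP, Rtl) are inferred from these two records alone and are assumptions, not Joe Sandbox's published algorithm; the embedded sample is transcribed from the entries above with the argument lists trimmed.

```python
"""Parse Joe Sandbox function-analysis records and derive an API fingerprint.

Added example for this page; not Joe Sandbox's own code. The fingerprint
rule below is reverse-engineered from two records and is an assumption.
"""
import re
from collections import Counter

# Two records transcribed from the report entries above; argument lists trimmed.
SAMPLE = """\
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF), ref: 006C15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000), ref: 006C1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000), ref: 006C16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000), ref: 006C16FB
  • Part of subcall function 006B3820: RtlAllocateHeap.NTDLL(00000000,?), ref: 006B3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000), ref: 006C1777
• __freea.LIBCMT ref: 006C17A2
• __freea.LIBCMT ref: 006C17AE
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• Instruction Fuzzy Hash: 849192B1E102169ADF219E64C851FFE7BB6DF4B310F58465DE801EB282D735DD418BA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006F125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006F1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006F12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006F1430
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• Instruction Fuzzy Hash: FB91B071A00219DFDB01DFA8C885BFEB7B6FF46365F148029EA10EB291D774A941CB94
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), ref: ADDR
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# Any other "• Key: value" bullet (API ID, Source File, fuzzy hashes, ...)
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
# CamelCase splitter: runs of capitals (CP), Capitalised words, or _prefixed CRT names
TOKEN_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z]+|_+[a-z]+")
# ASSUMPTION: filler tokens the report evidently does not count, inferred from
# the two records above only (Joe Sandbox's real list is not on this page).
STOPWORDS = {"Get", "To", "CP", "Rtl"}


def parse_records(text):
    """Split the text at each 'APIs' heading and collect calls and fields per record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "fields": {}}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur["apis"].append({
                "name": m["name"], "module": m["mod"],
                "args": m["args"].split(",") if m["args"] else [],
                "ref": int(m["ref"], 16), "subcall": m["sub"]})
            continue
        m = FIELD_RE.match(line)
        if m:
            cur["fields"][m["key"]] = m["val"]
    return records


def call_sequence(apis):
    """Direct calls of the function (subcall entries excluded), ordered by address."""
    return sorted((a for a in apis if a["subcall"] is None), key=lambda a: a["ref"])


def api_fingerprint(apis):
    """Group name tokens by call count (descending), alphabetical within a group,
    joined with '$' like the report's 'API ID'. Heuristic reconstruction."""
    counts = Counter(tok for a in apis for tok in TOKEN_RE.findall(a["name"])
                     if tok not in STOPWORDS)
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def fingerprint_matches(record):
    """True when the reconstructed fingerprint equals the record's own 'API ID'."""
    return api_fingerprint(record["apis"]) == record["fields"].get("API ID")


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        seq = [f"{a['ref']:08X} {a['name']}" for a in call_sequence(rec["apis"])]
        print(api_fingerprint(rec["apis"]), fingerprint_matches(rec), seq)
```

Use the parser on a saved report page to pull every function's call list and fingerprint into one table; a fingerprint that matches the report's "API ID" lets you correlate functions across analyses of different samples without the fuzzy hashes, while a mismatch on your own records means the stop-word assumption above needs revisiting.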
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 652a82a7704423021947b2e5ee1c91ee313e7910fa0872e406efa286da3a1c54
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 21a20bb0332488251c52bef331b14545ee349188973bddf7bfaffb5a32b80fde
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 652a82a7704423021947b2e5ee1c91ee313e7910fa0872e406efa286da3a1c54
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95912671D40219AFCF11CFA9CC84AEEBBB9FF49320F158059E515B7251D378AA42CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0070396B
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00703A7A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00703A8A
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00703C1F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006F0CDF: VariantInit.OLEAUT32(00000000), ref: 006F0D1F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006F0CDF: VariantCopy.OLEAUT32(?,?), ref: 006F0D28
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006F0CDF: VariantClear.OLEAUT32(?), ref: 006F0D34
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: eb042bb9b2d58c63459a632cf0e38b650285bb00565eb8bac851768dadb27df9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 06cf7177b3c3a5441bfc2fd7a06e8153e9e5b7c8b6ec076f93022cd2ee77d2ae
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb042bb9b2d58c63459a632cf0e38b650285bb00565eb8bac851768dadb27df9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 039158B4608305DFC704EF64C48096AB7E9BF89314F148A2DF8899B391DB35EE05CB96
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?,?,006E035E), ref: 006E002B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?), ref: 006E0046
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?), ref: 006E0054
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?), ref: 006E0064
                                                                                                                                                                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00704C51
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00704D59
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00704DCF
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 00704DDA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 326f6bdfedd770ba5ebede0782280512da980725671a3ed55922aefa06a9b454
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6481fd0b5a58fdb439f8d611910c53b6c632ad0c5a1118abe62a635174f0f90f
• Opcode Fuzzy Hash: 326f6bdfedd770ba5ebede0782280512da980725671a3ed55922aefa06a9b454
• Instruction Fuzzy Hash: 3E9119B1D00219DFDF15EFA4C891AEEB7B9BF08310F108669EA15A7291DB745A44CF60
APIs
• GetMenu.USER32(?), ref: 00712183
• GetMenuItemCount.USER32(00000000), ref: 007121B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007121DD
• _wcslen.LIBCMT ref: 00712213
• GetMenuItemID.USER32(?,?), ref: 0071224D
• GetSubMenu.USER32(?,?), ref: 0071225B
  • Part of subcall function 006E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006E3A57
  • Part of subcall function 006E3A3D: GetCurrentThreadId.KERNEL32 ref: 006E3A5E
  • Part of subcall function 006E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006E25B3), ref: 006E3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007122E3
  • Part of subcall function 006EE97B: Sleep.KERNEL32 ref: 006EE9F3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: c71c212db8b6424bf5c6c02a8c9c9dccc4967b37335af649991454dba97b6d94
• Instruction ID: 38131ba6427cfd56c6c27c477d72dceb3e427482c1726d865662ab9959fef2e8
• Opcode Fuzzy Hash: c71c212db8b6424bf5c6c02a8c9c9dccc4967b37335af649991454dba97b6d94
• Instruction Fuzzy Hash: A2718675A00205AFCB50EF68C845AEEB7F6FF48310F158459E916EB392D738ED528B90
APIs
• IsWindow.USER32(01195EA8), ref: 00717F37
• IsWindowEnabled.USER32(01195EA8), ref: 00717F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0071801E
• SendMessageW.USER32(01195EA8,000000B0,?,?), ref: 00718051
• IsDlgButtonChecked.USER32(?,?), ref: 00718089
• GetWindowLongW.USER32(01195EA8,000000EC), ref: 007180AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 007180C3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: f80c561b8fcc5504411bfe792e53bebed0b9b2878a3ee638697117e6538c3b85
• Instruction ID: c66fd741bb73e44eb83e45b6e760c13c57f5ade81330bcb25f46943067528213
• Opcode Fuzzy Hash: f80c561b8fcc5504411bfe792e53bebed0b9b2878a3ee638697117e6538c3b85
• Instruction Fuzzy Hash: 06719274608208AFEB259F68CC84FEB7BB9EF09300F144459E945572E1CB39AD86DB11
APIs
• GetParent.USER32(?), ref: 006EAEF9
• GetKeyboardState.USER32(?), ref: 006EAF0E
• SetKeyboardState.USER32(?), ref: 006EAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 006EAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 006EAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 006EAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 006EB020
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: a1a478286591f5fa41b490d1c080dabedd2bb393e0416fa4e09637fb65e44d4a
• Instruction ID: e37a96f580c1696ed861e4c37be6151c42758491c6d52930e6b47a3eb62edd75
• Opcode Fuzzy Hash: a1a478286591f5fa41b490d1c080dabedd2bb393e0416fa4e09637fb65e44d4a
• Instruction Fuzzy Hash: E051DFB06157D53DFB3683768845BFBBEAA5B06304F088489E1D9469C2C398BCC8D751
APIs
• GetParent.USER32(00000000), ref: 006EAD19
• GetKeyboardState.USER32(?), ref: 006EAD2E
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 006EAD8F
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 006EADBB
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 006EADD8
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 006EAE17
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 006EAE38
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9927f635ea3961094473d9d63070f8ec6ec093594250591808690812ad52ede5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8e7cddd378797a9761e259e51b1171c8171bc7a1b6de93f9c0f1b38b2f332db1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9927f635ea3961094473d9d63070f8ec6ec093594250591808690812ad52ede5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C51F6B15067D53DFB3383B68C95BFA7EAA5F46300F088588E1D5469C2D294FC88E762
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetConsoleCP.KERNEL32(006C3CD6,?,?,?,?,?,?,?,?,006B5BA3,?,?,006C3CD6,?,?), ref: 006B5470
                                                                                                                                                                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 006B54EB
                                                                                                                                                                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 006B5506
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,006C3CD6,00000005,00000000,00000000), ref: 006B552C
                                                                                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,006C3CD6,00000000,006B5BA3,00000000,?,?,?,?,?,?,?,?,?,006B5BA3,?), ref: 006B554B
                                                                                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,006B5BA3,00000000,?,?,?,?,?,?,?,?,?,006B5BA3,?), ref: 006B5584
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a39e10e8328d26c999189c028c9e39a26d802535d2702bf078a259d5c6b83cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 150b3b5a47e492c8b9216f2e71d6c203faf4bdcdbc55dae17d3a741ea7496227
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a39e10e8328d26c999189c028c9e39a26d802535d2702bf078a259d5c6b83cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA51E7B1A006489FDB21CFA8D841BEEBBF6EF09301F14415AF556E7391D7309A81CB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0070307A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070304E: _wcslen.LIBCMT ref: 0070309B
                                                                                                                                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00701112
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00701121
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 007011C9
                                                                                                                                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 007011F9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 2a2aebfa40af6f54154a7f1823a62d25d777258266250ea7f0f3858802e1f8a0
• Instruction ID: 124a04a0cdda0206c03ed154fe48af5158256b816f7847a10875c062c1c95df1
• Opcode Fuzzy Hash: 2a2aebfa40af6f54154a7f1823a62d25d777258266250ea7f0f3858802e1f8a0
• Instruction Fuzzy Hash: AC41E431600208EFDB159F58C884BAAB7EAEF45324F14C259F915AB2D1C778ED41CBE5
APIs
  • Part of subcall function 006EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006ECF22,?), ref: 006EDDFD
  • Part of subcall function 006EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006ECF22,?), ref: 006EDE16
• lstrcmpiW.KERNEL32(?,?), ref: 006ECF45
• MoveFileW.KERNEL32(?,?), ref: 006ECF7F
• _wcslen.LIBCMT ref: 006ED005
• _wcslen.LIBCMT ref: 006ED01B
• SHFileOperationW.SHELL32(?), ref: 006ED061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: 13afc841235b2acce1d917224c451f088662a5afb668b43c43f0ef54c993bdc5
• Instruction ID: b96c8d9a005d8d0581ca537979cc035a848fc59f328426b696e1758ff8fafa6b
• Opcode Fuzzy Hash: 13afc841235b2acce1d917224c451f088662a5afb668b43c43f0ef54c993bdc5
• Instruction Fuzzy Hash: 354165718462585FDF52EFA5C981ADEB7BAAF48380F0000EAE505EB141EA35AA85CB54
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00712E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00712E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00712E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00712EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00712EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00712EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00712F0B
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: f3599b340026dc8180377db5382315b58875608677ec69db9b415dfbe9db4cf7
• Instruction ID: 4e12fd4c02ef8b08aa98209cd2ef2d9f0c7b31a5501e3d2413090057c759312d
• Opcode Fuzzy Hash: f3599b340026dc8180377db5382315b58875608677ec69db9b415dfbe9db4cf7
• Instruction Fuzzy Hash: 3131F430644250AFDB218F5CDC88FE537E5EB4A711F1581A4F9108B2F2CB79ACA59B45
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006E7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006E778F
• SysAllocString.OLEAUT32(00000000), ref: 006E7792
• SysAllocString.OLEAUT32(?), ref: 006E77B0
• SysFreeString.OLEAUT32(?), ref: 006E77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 006E77DE
• SysAllocString.OLEAUT32(?), ref: 006E77EC
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: e4b77836d4b23a836f9926afea5903b421e82f4b16ebbf878ee78b09e44c2037
• Instruction ID: 9f3fe8a45c5410c861992a0016868ea1406063be7ca39b759006f292c65dc2f3
• Opcode Fuzzy Hash: e4b77836d4b23a836f9926afea5903b421e82f4b16ebbf878ee78b09e44c2037
• Instruction Fuzzy Hash: 6621AE76609259AFDF10DFADCC88CFB77ADEB093647148025FA04DB290D674DC428764
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006E7842
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006E7868
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 006E786B
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32 ref: 006E788C
                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 006E7895
                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 006E78AF
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 006E78BD
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 437abfdd1d55d1eda4bd5d7b6f50acb9b8e498f1273456dcfba51d31a0ebf52f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 387428cb7e2023dabb04c5c9d2545ec66f37472887052335c373b2af2b26d3be
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 437abfdd1d55d1eda4bd5d7b6f50acb9b8e498f1273456dcfba51d31a0ebf52f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F21AC71609254AFAB10ABE9CC88DEB77ADEB18360710C125F914CB2A0DA74DC41CB68
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 006F04F2
                                                                                                                                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006F052E
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d229e299374b29e662c90286bb49b57a399eeb4d6c31a441690eb8b9d9c310f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cac877980728add3e16f8967f30f354e6ba8f630fc8667d6580abfd924290644
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d229e299374b29e662c90286bb49b57a399eeb4d6c31a441690eb8b9d9c310f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F22162B5500309ABEF209F69DD44AEA77A5BF44724F208A19F9A1D72E1D7B0D940CF20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 006F05C6
                                                                                                                                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006F0601
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1f443c4c0ef56ec29281ded37fdb138da86182a2f3fa2c68fa35f6ae22ef9f43
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a761fc742800d7fbd7ea8e995385474b82bf028474781b55436e52f44aca931a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f443c4c0ef56ec29281ded37fdb138da86182a2f3fa2c68fa35f6ae22ef9f43
• Instruction Fuzzy Hash: 7021B5756003199BEB208F68CC04AEA77E5BF85720F204A19FEA1E73D1D7B09860CB14
APIs
  • Part of subcall function 0068600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0068604C
  • Part of subcall function 0068600E: GetStockObject.GDI32(00000011), ref: 00686060
  • Part of subcall function 0068600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0068606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00714112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0071411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0071412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00714139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00714145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: b243b194c84b3fad6b5794ce6f4d683a0bc582f5ceff40b9be6ad22cda117151
• Instruction ID: cee2de49cd01391ec357ff75073319eaf161c16bd5ec288acc88538ccbc0ba2e
• Opcode Fuzzy Hash: b243b194c84b3fad6b5794ce6f4d683a0bc582f5ceff40b9be6ad22cda117151
• Instruction Fuzzy Hash: C211B6B214021DBEEF119F68CC85EE77F6DEF09798F004110F618A6090C7769C61DBA4
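The SendMessageW chain in the entry above only becomes readable once the message ids are decoded against the window class the subcall creates (Msctls_Progress32, per the entry's String ID): 0x0401/0x0402/0x0404 are WM_USER+n ids that mean PBM_SETRANGE/PBM_SETPOS/PBM_SETSTEP for a progress control and something else for any other class. The Python below is an added editor's example, not part of the Joe Sandbox report or of the analysed sample: it parses lines in the report's own `API.MODULE(args), ref: addr` shape and names the messages, refusing to decode WM_USER-range ids unless the caller supplies the control class. The sample text is copied from the listing above; the parser, the `ApiCall` type and the message tables are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the API lines of the Msctls_Progress32 entry above,
# in the report's "API.MODULE(args), ref: addr" shape ("?" = unresolved argument).
SAMPLE_LINES = """
• Part of subcall function 0068600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0068604C
• Part of subcall function 0068600E: GetStockObject.GDI32(00000011), ref: 00686060
• Part of subcall function 0068600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0068606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00714112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0071411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0071412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00714139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00714145
"""

LINE_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

WM_USER = 0x0400
# Messages whose meaning does not depend on the window class
# (CCM_* ids are shared by all common controls).
GENERIC_MESSAGES = {0x0030: "WM_SETFONT", 0x2001: "CCM_SETBKCOLOR"}
# Class-specific names for WM_USER+n ids: valid only for the named class.
CLASS_MESSAGES = {
    "msctls_progress32": {
        WM_USER + 1: "PBM_SETRANGE",
        WM_USER + 2: "PBM_SETPOS",
        WM_USER + 3: "PBM_DELTAPOS",
        WM_USER + 4: "PBM_SETSTEP",
        WM_USER + 5: "PBM_STEPIT",
        WM_USER + 6: "PBM_SETRANGE32",
        WM_USER + 7: "PBM_GETRANGE",
        WM_USER + 8: "PBM_GETPOS",
        WM_USER + 9: "PBM_SETBARCOLOR",
        0x2001: "PBM_SETBKCOLOR",  # same id as CCM_SETBKCOLOR
    }
}
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}
CLR_DEFAULT = 0xFF000000


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report prints "?"
    ref: int
    subcall_of: Optional[int] = None


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse report API lines; lines without a parenthesised argument list are skipped."""
    calls = []
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        args = [None if a.strip() == "?" else int(a, 16)
                for a in m["args"].split(",") if a.strip()]
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), sub))
    return calls


def _decode_params(name: str, wparam: Optional[int], lparam: Optional[int]) -> str:
    if name == "PBM_SETRANGE" and lparam is not None:
        return f"(min={lparam & 0xFFFF}, max={lparam >> 16})"  # MAKELPARAM(min, max)
    if name == "PBM_SETPOS" and wparam is not None:
        return f"(pos={wparam})"
    if name == "PBM_SETSTEP" and wparam is not None:
        return f"(step={wparam})"
    if name in ("PBM_SETBARCOLOR", "PBM_SETBKCOLOR", "CCM_SETBKCOLOR") and lparam is not None:
        return "(CLR_DEFAULT)" if lparam == CLR_DEFAULT else f"(COLORREF={lparam:#010x})"
    return ""


def decode_call(call: ApiCall, window_class: Optional[str] = None) -> str:
    """Name a GetStockObject/SendMessageW call; other APIs are returned by name."""
    if call.api == "GetStockObject" and call.args and call.args[0] is not None:
        return STOCK_OBJECTS.get(call.args[0], f"stock object {call.args[0]:#x}")
    if call.api == "SendMessageW" and len(call.args) >= 2 and call.args[1] is not None:
        msg = call.args[1]
        wparam = call.args[2] if len(call.args) > 2 else None
        lparam = call.args[3] if len(call.args) > 3 else None
        name = None
        if window_class:
            name = CLASS_MESSAGES.get(window_class.lower(), {}).get(msg)
        if name is None:
            name = GENERIC_MESSAGES.get(msg)
        if name is None:  # WM_USER+n is class-specific: do not guess a name
            name = f"WM_USER+{msg - WM_USER}" if msg >= WM_USER else f"message {msg:#x}"
        return name + _decode_params(name, wparam, lparam)
    return call.api


def annotate(text: str, window_class: Optional[str] = None) -> List[str]:
    """One 'ref  decoded' line per parsed API call."""
    return [f"{c.ref:08X}  {decode_call(c, window_class)}" for c in parse_api_lines(text)]


if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE_LINES, "Msctls_Progress32")))
```

Run against the entry above with the class supplied, the chain decodes to DEFAULT_GUI_FONT via WM_SETFONT, PBM_SETBKCOLOR and PBM_SETBARCOLOR both set to CLR_DEFAULT, PBM_SETPOS 0, PBM_SETRANGE 0..100 and PBM_SETSTEP 1, i.e. a freshly created progress bar initialised to defaults. Without the class the same 0x401 is reported only as WM_USER+1, which is the honest answer when the window class is not known.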
APIs
  • Part of subcall function 006BD7A3: _free.LIBCMT ref: 006BD7CC
• _free.LIBCMT ref: 006BD82D
  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
• _free.LIBCMT ref: 006BD838
• _free.LIBCMT ref: 006BD843
• _free.LIBCMT ref: 006BD897
• _free.LIBCMT ref: 006BD8A2
• _free.LIBCMT ref: 006BD8AD
• _free.LIBCMT ref: 006BD8B8
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: ee9af1d6bcde403effaffd5558156c86d751c2b2f51bcc9dc861482476ba4c44
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: DA112CB1540B04BAD5A1BFB1CC46FCB7BDE6F00700F400C29B29DAA092EA65E5854754
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 006EDA74
• LoadStringW.USER32(00000000), ref: 006EDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 006EDA91
• LoadStringW.USER32(00000000), ref: 006EDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 006EDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 006EDAB9
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: af5afefcdabb3e016a2233f3dd747e2dc732979607eaacbb00c076fa9676c265
• Instruction ID: 77036e3220ca43acb28963701db0bce54e222be394f3b36d1438a2f38989627e
• Opcode Fuzzy Hash: af5afefcdabb3e016a2233f3dd747e2dc732979607eaacbb00c076fa9676c265
• Instruction Fuzzy Hash: BE0186F65403087FE7119BE8DD89EE7336CEB08701F4084A5B706E6081E6789E844F78
APIs
• InterlockedExchange.KERNEL32(0118F320,0118F320), ref: 006F097B
• EnterCriticalSection.KERNEL32(0118F300,00000000), ref: 006F098D
                                                                                                                                                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 006F099B
                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 006F09A9
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 006F09B8
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(0118F320,000001F6), ref: 006F09C8
                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0118F300), ref: 006F09CF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fcbf016d7326592194def83e9aa3d3d1dbb1101a38d204547dd36e5b42217e18
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e2176d0be22cd4ca7a9741ac789b70c312f3e25a46f593611189169898f9a22f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fcbf016d7326592194def83e9aa3d3d1dbb1101a38d204547dd36e5b42217e18
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6F0E131482612BBE7525FD8EE8DBE67B36FF05702F40A015F201508E1D7799565CF94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00701DC0
                                                                                                                                                                                                                                                                                                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00701DE1
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00701DF2
                                                                                                                                                                                                                                                                                                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00701EDB
                                                                                                                                                                                                                                                                                                                                                                                • inet_ntoa.WSOCK32(?), ref: 00701E8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E39E8: _strlen.LIBCMT ref: 006E39F2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00703224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,006FEC0C), ref: 00703240
                                                                                                                                                                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00701F35
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cb0a2bbac54433a32f9123c3872584c28ec2577802eabe46ae4b98e4fd37a674
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ae81d2f06809abfc50c0375a1a96ef80afba9e9d0064574990a8b2c683fe6302
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cb0a2bbac54433a32f9123c3872584c28ec2577802eabe46ae4b98e4fd37a674
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9B10370204301EFD724EF24C895E2A7BE6AF85318F948A4CF5565B2E2DB35ED42CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00685D30
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00685D71
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00685D99
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00685ED7
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00685EF8
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 006B00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B00D6
• __allrem.LIBCMT ref: 006B00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B010B
• __allrem.LIBCMT ref: 006B0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B0140
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006A82D9,006A82D9,?,?,?,006B644F,00000001,00000001,8BE85006), ref: 006B6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006B644F,00000001,00000001,8BE85006,?,?,?), ref: 006B62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006B63D8
• __freea.LIBCMT ref: 006B63E5
  • Part of subcall function 006B3820: RtlAllocateHeap.NTDLL(00000000,?,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6,?,00681129), ref: 006B3852
• __freea.LIBCMT ref: 006B63EE
• __freea.LIBCMT ref: 006B6413
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 0070C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0070B6AE,?,?), ref: 0070C9B5
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070C9F1
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA68
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0070BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0070BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0070BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0070BDF3
• RegCloseKey.ADVAPI32(?), ref: 0070BDFF
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 44d261be243f65f410004472f1b112fb758922b5e38f73a91795d5027f1b3dba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 93ad06f781e7d39348a3a64ce7163b7e8983dcdf0837e74d43265ddadb03ed4a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44d261be243f65f410004472f1b112fb758922b5e38f73a91795d5027f1b3dba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB81C270218241EFD714DF64C885E2ABBE5FF84308F148A5CF5558B2A2DB35EE45CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000035), ref: 006DF7B9
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 006DF860
                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(006DFA64,00000000), ref: 006DF889
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(006DFA64), ref: 006DF8AD
                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(006DFA64,00000000), ref: 006DF8B1
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 006DF8BB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b6ea9df7766c9164ba32a4430fc75fb1d1ad1b314a2937357671739fef9f8de0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fe0078295a75937c077d36584faa13c04f03bfdb22be7a905fe5f315274d11b1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6ea9df7766c9164ba32a4430fc75fb1d1ad1b314a2937357671739fef9f8de0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7551B531D40310BACF60AB65D8A5B69B3EAEF45310B24946BED07DF391DB708C41CB9A
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
                                                                                                                                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 006F94E5
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006F9506
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006F952D
                                                                                                                                                                                                                                                                                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 006F9585
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a507787787730152bbd38021e6ac1a434a9696a468215f30ede04f984526d1e4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2982b47c8404c869f63387794b199cef7c00ff195b742cd0b4a409aff571e58b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a507787787730152bbd38021e6ac1a434a9696a468215f30ede04f984526d1e4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BE1C2715083508FC754EF24C881B6AB7E6BF85310F04896DF9899B3A2DB31DD05CBA6
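To work with function records like the ones above programmatically, for instance to pull each function's API call chain and its fuzzy hashes out of a saved report and match them against other analyses, a small parser for this listing layout is useful. The following is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling; it assumes the report was saved as plain text in the layout shown here (one `APIs` heading per function record, fields as `• Key: value` bullets), and its sample input is a constructed string holding the two records immediately above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the two function records above (the OLEAUT32
# Variant* record and the COMDLG32 Open/Save dialog record), copied from
# this report with the leading whitespace removed.
SAMPLE = """\
APIs
• VariantInit.OLEAUT32(00000035), ref: 006DF7B9
• SysAllocString.OLEAUT32(00000001), ref: 006DF860
• VariantCopy.OLEAUT32(006DFA64,00000000), ref: 006DF889
• VariantClear.OLEAUT32(006DFA64), ref: 006DF8AD
• VariantCopy.OLEAUT32(006DFA64,00000000), ref: 006DF8B1
• VariantClear.OLEAUT32(?), ref: 006DF8BB
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: b6ea9df7766c9164ba32a4430fc75fb1d1ad1b314a2937357671739fef9f8de0
• Instruction ID: fe0078295a75937c077d36584faa13c04f03bfdb22be7a905fe5f315274d11b1
• Opcode Fuzzy Hash: b6ea9df7766c9164ba32a4430fc75fb1d1ad1b314a2937357671739fef9f8de0
• Instruction Fuzzy Hash: 7551B531D40310BACF60AB65D8A5B69B3EAEF45310B24946BED07DF391DB708C41CB9A
APIs
  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 006F94E5
• _wcslen.LIBCMT ref: 006F9506
• _wcslen.LIBCMT ref: 006F952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 006F9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: a507787787730152bbd38021e6ac1a434a9696a468215f30ede04f984526d1e4
• Instruction ID: 2982b47c8404c869f63387794b199cef7c00ff195b742cd0b4a409aff571e58b
• Opcode Fuzzy Hash: a507787787730152bbd38021e6ac1a434a9696a468215f30ede04f984526d1e4
• Instruction Fuzzy Hash: 7BE1C2715083508FC754EF24C881B6AB7E6BF85310F04896DF9899B3A2DB31DD05CBA6
"""

# One API bullet. Handles calls with and without an argument list, and the
# "Part of subcall function XXXX:" prefix the report puts on calls that occur
# inside a callee rather than in the function itself.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                      # address of the call site
    caller: Optional[int] = None  # subcall function address; None for a direct call


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)  # "API ID", "Opcode ID", ...


def parse_records(text: str) -> list[FunctionRecord]:
    """Split report text into function records; a record starts at each 'APIs' line."""
    records: list[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        # Section headings (Memory Dump Source, Similarity, Strings, ...) and any
        # text before the first record carry no fields of their own.
        if current is None or not line.startswith("•"):
            continue
        body = line.lstrip("•").strip()
        m = API_RE.match(body)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            caller = int(m["caller"], 16) if m["caller"] else None
            current.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), caller))
            continue
        key, sep, value = body.partition(":")
        if sep:
            current.fields[key.strip()] = value.strip()
    return records


def direct_chain(rec: FunctionRecord) -> list[str]:
    """API names called by the function itself, ordered by call-site address."""
    return [c.name for c in sorted(rec.calls, key=lambda c: c.ref) if c.caller is None]


def modules_used(records: list[FunctionRecord]) -> list[str]:
    """Every DLL or runtime library referenced across the parsed records."""
    return sorted({c.module for r in records for c in r.calls})


def index_by_instruction_hash(records: list[FunctionRecord]) -> dict[str, FunctionRecord]:
    """Key records by Instruction Fuzzy Hash so they can be looked up from another report."""
    return {r.fields["Instruction Fuzzy Hash"]: r
            for r in records if "Instruction Fuzzy Hash" in r.fields}


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("API ID"), "->", " > ".join(direct_chain(rec)))
```

Subcall entries are kept on the record but excluded from `direct_chain`, so the chain reflects only what the function's own body calls; the `Associated:` dump lines are deliberately not needed by the parser, since the Similarity fields alone identify a function for matching.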
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• BeginPaint.USER32(?,?,?), ref: 00699241
• GetWindowRect.USER32(?,?), ref: 006992A5
• ScreenToClient.USER32(?,?), ref: 006992C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006992D3
• EndPaint.USER32(?,?,?,?,?), ref: 00699321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006D71EA
  • Part of subcall function 00699339: BeginPath.GDI32(00000000), ref: 00699357
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 0fb6e94f06c02b9006a24640b321e44882f04059372ff8dc158606cf62110d9b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dfc42a1788e5d0e33bfa1586a5878cce5ddcf27c287bf925c26c39db3e62525f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fb6e94f06c02b9006a24640b321e44882f04059372ff8dc158606cf62110d9b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0741CC70104340AFDB21DF68CC84FEA7BAAEB46322F14422DF994872E1C774A845DB66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 006F080C
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006F0847
                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 006F0863
                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 006F08DC
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006F08F3
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 006F0921
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 42d9e43d04665000efea8b82a8300c7e8ba67f847f88de41a5962387c199916e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0a880e9ce27858ed652fe070519e128ba5d75d462eb4f46981f24c7e9adc7050
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42d9e43d04665000efea8b82a8300c7e8ba67f847f88de41a5962387c199916e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1041AF71A00209EFEF15AF54DC85AAA777AFF04300F1480A9ED00DA297DB74DE50DBA8
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,006DF3AB,00000000,?,?,00000000,?,006D682C,00000004,00000000,00000000), ref: 0071824C
                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00718272
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 007182D1
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 007182E5
                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 0071830B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0071832F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 74fd0e3bd4a204c28a9cf29e25b2ed13c11605c63a382ebf792121e0e0df3fac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ffab3f8c887d5b521be8264e9e658a1611425cf5963d8b18e57372cb8bb432e6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74fd0e3bd4a204c28a9cf29e25b2ed13c11605c63a382ebf792121e0e0df3fac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5041C734601644EFDB52CF18C899BE87BE0FB06715F1881A9E5184B2E2CB79AC81CB55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 006E4C95
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 006E4CB2
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 006E4CEA
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 006E4D08
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 006E4D10
                                                                                                                                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 006E4D1A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 60166d26683d1902d7c04e38e4de9f48855f2a219914efdc89c3fd5dfde94c53
• Instruction ID: 8014d848c2163924a4d4d19856a8a1695dcc4d565923abfaf86880b731a2ee1f
• Opcode Fuzzy Hash: 60166d26683d1902d7c04e38e4de9f48855f2a219914efdc89c3fd5dfde94c53
• Instruction Fuzzy Hash: D3213832205340BBEB165B7AEC09EBB7BAEDF45750F10807DF805CB292EE65DC0196A4
APIs
  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00683A97,?,?,00682E7F,?,?,?,00000000), ref: 00683AC2
• _wcslen.LIBCMT ref: 006F587B
• CoInitialize.OLE32(00000000), ref: 006F5995
• CoCreateInstance.OLE32(0071FCF8,00000000,00000001,0071FB68,?), ref: 006F59AE
• CoUninitialize.OLE32 ref: 006F59CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: c0a442705e8b6fc33ef1d5f5204cd7d985b77097c9543e6575dd769ec78f8b6a
• Instruction ID: e4a43098e479ce0c2f2d97be3abef8519738c41b0469876730445c95c9361e00
• Opcode Fuzzy Hash: c0a442705e8b6fc33ef1d5f5204cd7d985b77097c9543e6575dd769ec78f8b6a
• Instruction Fuzzy Hash: 4AD175706087059FC714EF28C49096ABBE6FF89710F14895DFA8A9B361DB31EC45CB92
APIs
  • Part of subcall function 006E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006E0FCA
  • Part of subcall function 006E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006E0FD6
  • Part of subcall function 006E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006E0FE5
  • Part of subcall function 006E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006E0FEC
  • Part of subcall function 006E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006E1002
• GetLengthSid.ADVAPI32(?,00000000,006E1335), ref: 006E17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 006E17BA
• HeapAlloc.KERNEL32(00000000), ref: 006E17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006E17DA
• GetProcessHeap.KERNEL32(00000000,00000000,006E1335), ref: 006E17EE
• HeapFree.KERNEL32(00000000), ref: 006E17F5
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: 58510213004396f4bb23293734081c1eb8321b585e40d25d9603f2d415cf1812
• Instruction ID: 8f7ae52e931b32b12c7ad77eb481f6b6a2a1a2e693b1d9f8dd4afd12fbff61a5
• Opcode Fuzzy Hash: 58510213004396f4bb23293734081c1eb8321b585e40d25d9603f2d415cf1812
• Instruction Fuzzy Hash: 4611AC71582305FFDF119FA9CC49BEE7BBAEB46755F108018F8819B250C739AA40EB60
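The function records in this report are long lists of resolved API calls, and the behaviour only becomes visible once the calls of one function are read as a chain (for example CoInitialize + CoCreateInstance next to a ".lnk" string, or GetTokenInformation with class 2 followed by CopySid, or CreateEnvironmentBlock followed by CreateProcessWithLogonW). The script below is an added triage helper, not Joe Sandbox code and not part of the analysed sample: it parses records in the layout used on this page, decodes the TOKEN_INFORMATION_CLASS argument of GetTokenInformation where the sandbox resolved it, and tags each record with this example's own heuristic chain rules. The SAMPLE text is constructed from the records on this page with the dump and hash lines dropped; the rule names and descriptions are assumptions of this example, not sandbox signatures.

```python
"""Group Joe Sandbox function records by API chain (added triage example)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed from this page's "APIs" / "String ID" lines; not a sandbox export.
SAMPLE = """\
APIs
  • Part of subcall function 00683AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000), ref: 00683AC2
• _wcslen.LIBCMT ref: 006F587B
• CoInitialize.OLE32(00000000), ref: 006F5995
• CoCreateInstance.OLE32(0071FCF8,00000000,00000001,0071FB68,?), ref: 006F59AE
• CoUninitialize.OLE32 ref: 006F59CC
Strings
• String ID: .lnk
APIs
  • Part of subcall function 006E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006E0FCA
• GetLengthSid.ADVAPI32(?,00000000,006E1335), ref: 006E17AE
• HeapAlloc.KERNEL32(00000000), ref: 006E17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006E17DA
APIs
• OpenProcessToken.ADVAPI32(00000000), ref: 006E1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006E1515
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006E154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 006E1563
"""

# One resolved call line: optional "Part of subcall function X:" prefix, Api.MODULE,
# optional argument list, then the "ref:" address. Calls without parentheses
# (e.g. "_wcslen.LIBCMT ref: ...") are accepted as well.
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)

# Documented TOKEN_INFORMATION_CLASS values (winnt.h); a partial map is enough here.
TOKEN_INFORMATION_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges",
                           4: "TokenOwner", 5: "TokenPrimaryGroup", 8: "TokenType",
                           9: "TokenImpersonationLevel", 10: "TokenStatistics"}

# Heuristic chain rules invented for this example: (name, required APIs, required string, note).
RULES = [
    ("run-as-other-user", {"CreateProcessWithLogonW"}, None,
     "starts a process under explicitly supplied credentials"),
    ("shell-link-create", {"CoInitialize", "CoCreateInstance"}, ".lnk",
     "COM instantiation next to a .lnk string, consistent with IShellLink shortcut creation"),
    ("token-sid-copy", {"GetTokenInformation", "CopySid"}, None,
     "reads token information and copies a SID out of it"),
]


@dataclass
class Call:
    api: str
    module: str
    args: list[str]
    ref: str
    subcall: str | None  # address of the callee when the call is inside a subcall


@dataclass
class FunctionRecord:
    calls: list[Call] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)

    def apis(self) -> set[str]:
        # Subcall APIs count: the sandbox lists them because the function reaches them.
        return {c.api for c in self.calls}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the report text into one FunctionRecord per "APIs" header."""
    records: list[FunctionRecord] = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            records.append(FunctionRecord())
        elif not line or not records:
            continue
        elif line.startswith("String ID:"):
            value = line[len("String ID:"):].strip()
            if value:
                records[-1].strings.append(value)
        elif (m := CALL_RE.match(line)):
            args = [a for a in (m.group("args") or "").split(",") if a]
            records[-1].calls.append(Call(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return records


def token_classes(record: FunctionRecord) -> list[str]:
    """Decode the 2nd argument of GetTokenInformation where the sandbox resolved it."""
    out = []
    for c in record.calls:
        if c.api == "GetTokenInformation" and len(c.args) > 1 and c.args[1] != "?":
            n = int(c.args[1], 16)
            out.append(TOKEN_INFORMATION_CLASS.get(n, f"class {n}"))
    return out


def classify(record: FunctionRecord) -> list[str]:
    """Return the names of all RULES whose API set (and string, if any) the record contains."""
    apis = record.apis()
    return [name for name, need, needle, _ in RULES
            if need <= apis and (needle is None or needle in record.strings)]


def triage(text: str) -> list[dict]:
    return [{"record": i, "apis": sorted(r.apis()), "token_classes": token_classes(r),
             "hits": classify(r)} for i, r in enumerate(parse_records(text))]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

On the records above the script reports the shortcut-creation chain for the first function, TokenGroups plus the SID copy for the second, and the credentialed process launch for the third; feeding it a whole exported report gives a per-function list that is far quicker to scan than the raw API lines.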
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006E14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 006E1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006E1515
• CloseHandle.KERNEL32(00000004), ref: 006E1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006E154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 006E1563
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e437b29b8446f7de3bbb8a1958dc0780346683a282b10c341f1a9c125749e41d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fc2212456d7924521b2e1e575b34fb74803b85da2c514f3cba3ca4148ca86534
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e437b29b8446f7de3bbb8a1958dc0780346683a282b10c341f1a9c125749e41d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 911159B250124DEBDF12CFD8DD49BDE7BAAEF49704F048014FA05A61A0C3758E60EB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,006A3379,006A2FE5), ref: 006A3390
                                                                                                                                                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 006A339E
                                                                                                                                                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006A33B7
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,006A3379,006A2FE5), ref: 006A3409
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e1f6947f62d5c7be23718e5a9fba590756475eb9ab478b4461b35bf728cff8e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c98b57a717b1b0220f1afa200dc4310de5628cbe6901d9a88b8d17e0eab5092c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1f6947f62d5c7be23718e5a9fba590756475eb9ab478b4461b35bf728cff8e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E701473360E331BEAAA637B47C855A72A96EB17379320822EF420843F1EF254D025D4C
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,006B5686,006C3CD6,?,00000000,?,006B5B6A,?,?,?,?,?,006AE6D1,?,00748A48), ref: 006B2D78
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2DAB
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2DD3
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,006AE6D1,?,00748A48,00000010,00684F4A,?,?,00000000,006C3CD6), ref: 006B2DE0
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,006AE6D1,?,00748A48,00000010,00684F4A,?,?,00000000,006C3CD6), ref: 006B2DEC
                                                                                                                                                                                                                                                                                                                                                                                • _abort.LIBCMT ref: 006B2DF2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e665eaeccce5a932bebbbd680702db25c4f32af600a758396fc5fb731b347ae9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5668c018185f397804fcb59b8545e5099a2bd070d7218dccb895a83e72bb1d73
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e665eaeccce5a932bebbbd680702db25c4f32af600a758396fc5fb731b347ae9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03F02DF554561227C6533778BC36EDA15D76FC77A1F20851CF824922D6DF3888C14369
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00699693
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699639: SelectObject.GDI32(?,00000000), ref: 006996A2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699639: BeginPath.GDI32(?), ref: 006996B9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699639: SelectObject.GDI32(?,00000000), ref: 006996E2
                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00718A4E
                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00718A62
                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00718A70
                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00718A80
                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00718A90
                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00718AA0
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: f15fc88aeab7e1bf5583227533f806a7bfc5a1ecb5b0a981851b11fa9d157100
• Instruction ID: e43d4383d656213f3230c01d313f7e31318b03dd7941d4fd03ff1a66e0f69c10
• Opcode Fuzzy Hash: f15fc88aeab7e1bf5583227533f806a7bfc5a1ecb5b0a981851b11fa9d157100
• Instruction Fuzzy Hash: 5A11F77604014CFFEB129F98DC88EEA7F6DEB08351F00C012BA199A1A1C775AD55DBA4
APIs
• GetDC.USER32(00000000), ref: 006E5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 006E5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 006E5230
• ReleaseDC.USER32(00000000,00000000), ref: 006E5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 006E524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 006E5261
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 4e99357ec633b7884b8c700044a5a550e45b2c3dfde506f9d94454720f9a3ea2
• Instruction ID: dac321222907d278baa8caf1080cfcd87ff91dae52aaee4940f7223bdf4c001d
• Opcode Fuzzy Hash: 4e99357ec633b7884b8c700044a5a550e45b2c3dfde506f9d94454720f9a3ea2
• Instruction Fuzzy Hash: AD018475E41708BBEB115BEA9C49A9EBF79EB48351F048065FA05A7380D670D900CB64
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00681BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00681BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00681C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00681C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00681C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00681C22
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: e37f887b9bd4edbf5c4018132e2701ab1c7baf1df362c0b6cc283c6b908872a4
• Instruction ID: 987e8bc580772fcd5b0f3daf1053374add1e05c21dd6d586d89d59b5cff9d54f
• Opcode Fuzzy Hash: e37f887b9bd4edbf5c4018132e2701ab1c7baf1df362c0b6cc283c6b908872a4
• Instruction Fuzzy Hash: 69016CB0942759BDE3008F5A8C85B52FFA8FF19354F00415B915C47941C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 006EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 006EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 006EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006EEB75
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 749af5f460ab83004f283c674e0377ee247bc0df6acd64fd6adde620904500be
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 187a70c51407ca5b814e99fe8de7000aca235e38374d5c131e0937c42422420c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 749af5f460ab83004f283c674e0377ee247bc0df6acd64fd6adde620904500be
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63F09072180158BBE72257969C0EEEF3A7CEFCAB11F00C158F601D10D0D7A41A01C6B9
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?), ref: 006D7452
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 006D7469
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 006D7475
                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 006D7484
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 006D7496
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 006D74B0
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3c7dab1082661cf626203d4e3afa89eebb2691c50ed939a5abd90f2002e0cf2c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e207c7ef1499ca4f4bf5875f09255b207230df2a40bfd06364dfa7a310f208df
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c7dab1082661cf626203d4e3afa89eebb2691c50ed939a5abd90f2002e0cf2c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB018B31440215EFDB525FA8DC08BEE7BB6FB04311F6080A4F915A22E0DB352E51EB15
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 006E187F
                                                                                                                                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 006E188B
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 006E1894
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 006E189C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 006E18A5
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 006E18AC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b69629ccc40f74155e829f60c68f10cda70330dae8f1e8a574ea22e0614979b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7ebcda2de398e0c811609d7c93e9d953c2ffd6e4494c931173b1413c779fde9f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b69629ccc40f74155e829f60c68f10cda70330dae8f1e8a574ea22e0614979b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6E0ED76484215BBD7025FE9ED0C985BF39FF49721710C220F225810F0CB765420EF54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0068BEB3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
• String ID: D%u$D%u$D%u$D%uD%u
• API String ID: 1385522511-690889655
• Opcode ID: acb79b2fe72ef4f23e965bac18e1899f6eba5c9ab3a47000fddd4c1749a12660
• Instruction ID: 8d208f336c3ff344af4244767700962a4131e777a37ef6668bd807836720901b
• Opcode Fuzzy Hash: acb79b2fe72ef4f23e965bac18e1899f6eba5c9ab3a47000fddd4c1749a12660
• Instruction Fuzzy Hash: D5912A75A0020ADFCB18DF58C0906AAB7F2FF59314F24926ED945AB351E771AD82CBD0
APIs
  • Part of subcall function 006A0242: EnterCriticalSection.KERNEL32(0075070C,00751884,?,?,0069198B,00752518,?,?,?,006812F9,00000000), ref: 006A024D
  • Part of subcall function 006A0242: LeaveCriticalSection.KERNEL32(0075070C,?,0069198B,00752518,?,?,?,006812F9,00000000), ref: 006A028A
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 006A00A3: __onexit.LIBCMT ref: 006A00A9
• __Init_thread_footer.LIBCMT ref: 00707BFB
  • Part of subcall function 006A01F8: EnterCriticalSection.KERNEL32(0075070C,?,?,00698747,00752514), ref: 006A0202
  • Part of subcall function 006A01F8: LeaveCriticalSection.KERNEL32(0075070C,?,00698747,00752514), ref: 006A0235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +Tm$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-2641281785
• Opcode ID: 39e83e414f415a0b9abba1ce2a60d6afa82c9162eabbcb60d00c1bee25046d1e
• Instruction ID: fc56407f3ccc7c658cec2e98696e2266a759aa0d5623c03c33245e207cb4318e
• Opcode Fuzzy Hash: 39e83e414f415a0b9abba1ce2a60d6afa82c9162eabbcb60d00c1bee25046d1e
• Instruction Fuzzy Hash: 24918C70A04209EFDB08EF94D8919BEB7F6BF45300F14825DF8069B292DB75AE45CB61
APIs
  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006EC6EE
• _wcslen.LIBCMT ref: 006EC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006EC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 006EC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: 895617ff6cacd3fc3d6a85acf1d677b9ec4ec136e79ab867a0e6f7dbe0aca62d
• Instruction ID: 2195470ebfde3f4585a68f69f373667d19d0bf8b18e9de91cfd354079b796a9b
• Opcode Fuzzy Hash: 895617ff6cacd3fc3d6a85acf1d677b9ec4ec136e79ab867a0e6f7dbe0aca62d
• Instruction Fuzzy Hash: 1D51F3716063809BDB509F2AC845BEB7BEAAF49320F040A2DF991D32D0DB74DC068F56
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0070AEA3
  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
• GetProcessId.KERNEL32(00000000), ref: 0070AF38
• CloseHandle.KERNEL32(00000000), ref: 0070AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 1bce79907f4957a9bd5eb26101c6bcc2667a2bb6ae7078fbfb63fe3894cf3897
• Instruction ID: 13025ad5ec9c569af676e2896d174d4b9d70b931692ddce68a10138d22cf6a1b
• Opcode Fuzzy Hash: 1bce79907f4957a9bd5eb26101c6bcc2667a2bb6ae7078fbfb63fe3894cf3897
• Instruction Fuzzy Hash: 78717A71A00215EFCB14EF54C485A9EBBF1BF08314F14869DE816AB792CB78ED41CBA5
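The per-function entries above follow a fixed layout (an "APIs" list of `Name.MODULE(args), ref: address` lines, with subcall lines marked "Part of subcall function", followed by "Memory Dump Source" and "Similarity" key/value bullets). When triaging a long report like this one it is useful to parse that layout and pull out the functions whose direct calls matter, such as the ShellExecuteExW chain or the GetProcAddress lookup of DllGetClassObject. The parser below is an added example written for this page, not Joe Sandbox code; its sample input is constructed from the two entries visible here, and the watchlist of API names is the author's own assumption rather than a Joe Sandbox signature list.

```python
"""Parse Joe Sandbox per-function entries and flag notable direct API calls.

Added example; not part of the Joe Sandbox report or its tooling.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input constructed from the entries shown in the report above.
SAMPLE = """\
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0070AEA3
  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
• GetProcessId.KERNEL32(00000000), ref: 0070AF38
• CloseHandle.KERNEL32(00000000), ref: 0070AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Instruction ID: 13025ad5ec9c569af676e2896d174d4b9d70b931692ddce68a10138d22cf6a1b
• Instruction Fuzzy Hash: 78717A71A00215EFCB14EF54C485A9EBBF1BF08314F14869DE816AB792CB78ED41CBA5
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006E7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006E723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006E724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006E72CF
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}

# One API line: optional subcall prefix, Name.MODULE, optional (args), ref: address.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<caller>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
# "• Key: value" bullets in the metadata sections.
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    caller: Optional[str]  # subcall function address, None for a direct call


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    meta: dict = field(default_factory=dict)

    def direct_calls(self) -> List[ApiCall]:
        """Calls made by the function itself, excluding 'Part of subcall' lines."""
        return [c for c in self.calls if c.caller is None]


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split report text into function entries; each 'APIs' header starts one."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = FunctionEntry()
                entries.append(current)
            section = line
            continue
        if current is None:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["caller"]))
            continue
        kv = KV_RE.match(line)
        if kv:  # repeated keys (e.g. several "Associated" dumps) are joined
            key, value = kv["key"].strip(), kv["value"].strip()
            current.meta[key] = value if key not in current.meta else current.meta[key] + "; " + value
    return entries


# Assumed watchlist for this example; not a Joe Sandbox signature list.
WATCHLIST = {
    "ShellExecuteExW": "process launch via the shell",
    "GetProcAddress": "dynamic API resolution",
    "CoCreateInstance": "COM object instantiation",
}


def triage(entry: FunctionEntry) -> List[Tuple[str, str, str]]:
    """Return (ref, api, detail) for direct calls on the watchlist.

    Literal, non-placeholder arguments (e.g. an export name passed to
    GetProcAddress) are appended to the detail so the finding is self-explanatory.
    """
    findings = []
    for call in entry.direct_calls():
        if call.name not in WATCHLIST:
            continue
        detail = WATCHLIST[call.name]
        literals = [a for a in call.args if a not in ("?", "") and not re.fullmatch(r"[0-9A-F]{8}", a)]
        if literals:
            detail += " of " + ", ".join(literals)
        findings.append((call.ref, call.name, detail))
    return findings


if __name__ == "__main__":
    for i, entry in enumerate(parse_entries(SAMPLE)):
        for ref, api, detail in triage(entry):
            print(f"entry {i} @ {ref}: {api} ({detail})")
```

Only direct calls are scored: the "Part of subcall function" lines are shared helpers (here `_wcslen`) that appear under many functions and would otherwise flood the results. Run on the full report text, the same parser also lets you group entries by "Source File" or compare "Instruction Fuzzy Hash" values across samples.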
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006E7206
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006E723C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006E724D
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006E72CF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6f8fd947a0b4811f1311101ac0fef1d2fe327824a2916b7e873f35d16fa52493
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4bed613c6ea28118f4be66c1422bb9a0057a136577c6f3968e7b75c64df7c759
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f8fd947a0b4811f1311101ac0fef1d2fe327824a2916b7e873f35d16fa52493
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E418EB1A05345EFDB15CF95C884A9A7BAAEF44310F1480ADFE059F24AD7B4DA41CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00713E35
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00713E4A
                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00713E92
                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00713EA5
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e9b2d2c6369d72d2adcb8ec513a723250beb0419c24517e998cc0198aacc29bb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7f3186949d1d138b36094bf3288b1d957aabc1dd00f945437af8dbae717056c9
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9b2d2c6369d72d2adcb8ec513a723250beb0419c24517e998cc0198aacc29bb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D414C75A00309EFDB10DF58D884ADABBB5FF45351F048119E915A7290D738AE98CF50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 006E1E66
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 006E1E79
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 006E1EA9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a15a1e1537b4a25b3638288b1c0201b9cb6376d5af68485a2a8843b3f2acba2c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c2ad923494881778a7f2cbb93f356cc0dcd6888772cacb873ecbae678979f37e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a15a1e1537b4a25b3638288b1c0201b9cb6376d5af68485a2a8843b3f2acba2c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A92149B1A41244BFDB14ABB5CC49CFFB7BADF42350B14411DF821AB2E1DB3849069B20
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00712F8D
• LoadLibraryW.KERNEL32(?), ref: 00712F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00712FA9
• DestroyWindow.USER32(?), ref: 00712FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,006A4D1E,006B28E9,?,006A4CBE,006B28E9,007488B8,0000000C,006A4E15,006B28E9,00000002), ref: 006A4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006A4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,006A4D1E,006B28E9,?,006A4CBE,006B28E9,007488B8,0000000C,006A4E15,006B28E9,00000002,00000000), ref: 006A4DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32 ref: 006DD3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 006DD3BF
• FreeLibrary.KERNEL32(00000000), ref: 006DD3E5
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 145871493-2590602151
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00684EDD,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00684EAE
• FreeLibrary.KERNEL32(00000000,?,?,00684EDD,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684EC0
Strings
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 91ca440c365584461b9633e19bb646de990eba3f725288012b0f1f0b84de5424
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 84919cc9070ffc76ded7bcf50402dd9a429d9adc0c2f4ac1602639a308b5131e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91ca440c365584461b9633e19bb646de990eba3f725288012b0f1f0b84de5424
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1EE0CD75A816236BD3332B6D6C1CBEF6655AF81F627058215FC04E2380DF68CD0151A4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,006C3CDE,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E62
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00684E74
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,006C3CDE,?,00751418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00684E87
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c81ca259a61614a80a9dea477934e78fe486478b06966874598670669e336631
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f0f54d3ac71940b0df3b3ac28171ac887267b23ef0a5f9026402d5c8f6e5da85
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c81ca259a61614a80a9dea477934e78fe486478b06966874598670669e336631
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D0C2715C26226746332B686C0CDCB6A1AAF81F113058210B804E2290CF28CD0192D4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006F2C05
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 006F2C87
                                                                                                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006F2C9D
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006F2CAE
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006F2CC0
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6e3ca295387bc3c34023155922118180a503249a4bb7e73797353799407e2ea5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1c57639abf560fc72c009150a2cfb805f146ed0e0344eb5593c1f7fbfd62157e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e3ca295387bc3c34023155922118180a503249a4bb7e73797353799407e2ea5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CB13E71D0011DABDF51EBA4CC95EEEBBBEEF49350F1040AAF609E6141EA309E448F65
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0070A427
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0070A435
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0070A468
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0070A63D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 39868f2b07a7439e3718b71fe89d9f8227274aec4949fb7eb494f0ecc9b2c07c
• Instruction ID: caea2379d40cf4ca23973ea9f7f363bac3b6b27c24368877cd5f4d408c636608
• Opcode Fuzzy Hash: 39868f2b07a7439e3718b71fe89d9f8227274aec4949fb7eb494f0ecc9b2c07c
• Instruction Fuzzy Hash: 51A1D371604300AFE720DF28D886F2AB7E6AF84714F14891CF55A9B2D2D7B4EC40CB96
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00723700), ref: 006BBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0075121C,000000FF,00000000,0000003F,00000000,?,?), ref: 006BBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00751270,000000FF,?,0000003F,00000000,?), ref: 006BBC36
• _free.LIBCMT ref: 006BBB7F
  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
• _free.LIBCMT ref: 006BBD4B
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: f1df6a6b2656d7c699bc0ec7101529df09562b40cee6d227272a79fa48b8a9d1
• Instruction ID: 2b7a9c9202178489bd5b41431e810686b6b02d0d6e64a94138f41ca80dbb69bd
• Opcode Fuzzy Hash: f1df6a6b2656d7c699bc0ec7101529df09562b40cee6d227272a79fa48b8a9d1
• Instruction Fuzzy Hash: BC51EAF1900209AFCB10EF65DC819EEBBBAFF41311F50526EE514D7291EBB49E818B58
APIs
  • Part of subcall function 006EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006ECF22,?), ref: 006EDDFD
  • Part of subcall function 006EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006ECF22,?), ref: 006EDE16
  • Part of subcall function 006EE199: GetFileAttributesW.KERNEL32(?,006ECF95), ref: 006EE19A
• lstrcmpiW.KERNEL32(?,?), ref: 006EE473
• MoveFileW.KERNEL32(?,?), ref: 006EE4AC
• _wcslen.LIBCMT ref: 006EE5EB
• _wcslen.LIBCMT ref: 006EE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 006EE650
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: cc5b6b6fc4c77f6b2f83c48f608fcde6fba2a56d6f11c71bff5efde65c023a4a
• Instruction ID: 631248d7a1f5e24f9858376c85c08a505b96524cc63f9c8fdf8466efc2355da9
• Opcode Fuzzy Hash: cc5b6b6fc4c77f6b2f83c48f608fcde6fba2a56d6f11c71bff5efde65c023a4a
• Instruction Fuzzy Hash: D351B8B24093859BC764EB90DC81DDFB3EEAF85340F00491EF589D3191EF75A5888B6A
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 0070C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0070B6AE,?,?), ref: 0070C9B5
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070C9F1
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA68
  • Part of subcall function 0070C998: _wcslen.LIBCMT ref: 0070CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0070BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0070BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0070BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0070BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0070BBB3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 565653633a5840fef39935675bddd869a254ed8e8d32f4b97ab25265168d60f1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 07f3325b520bcb8d98469b8224f6cee73071dfcfb48ec6ae8410391a85a88d40
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 565653633a5840fef39935675bddd869a254ed8e8d32f4b97ab25265168d60f1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA61A171208241EFD714DF64C890E2ABBE5FF84308F548A5CF4994B2A2DB35ED45CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 006E8BCD
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 006E8C3E
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 006E8C9D
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 006E8D10
                                                                                                                                                                                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006E8D3B
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6b6f5062cebdc857bc4f06a8bf8edcb0ce2413de66d6a5c44acf47da4bcb110f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c0ab9c55394f13cd458638fbd54e4e82bdbd633208cee970858ee69a8e82f4ad
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b6f5062cebdc857bc4f06a8bf8edcb0ce2413de66d6a5c44acf47da4bcb110f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B5189B5A01259EFCB10CF69C884AAABBF9FF89310B158559E909DB350E734E911CF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006F8BAE
                                                                                                                                                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006F8BDA
                                                                                                                                                                                                                                                                                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006F8C32
                                                                                                                                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006F8C57
                                                                                                                                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006F8C5F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ffc35f5e413fda901d23c565b217a966288e7712a9c6ba1bad6856fdc8ece923
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e162c3c27da46b94a7f746450c4e135b40e5e61dad1093efb32f44cdd0263faa
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffc35f5e413fda901d23c565b217a966288e7712a9c6ba1bad6856fdc8ece923
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D515F35A002199FCB05DF54C881AADBBF6FF48314F08C498E949AB362CB35ED41CBA5
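The per-function API listings in these records are the raw material for triage, but the report only groups calls by function; the order of call sites (the `ref` addresses) within one record is what shows, for instance, that a LoadLibraryW followed by several GetProcAddress calls and a FreeLibrary is run-time import resolution rather than a static import. The script below is an added editorial example, not Joe Sandbox code: it parses `APIs` records in the plain-text form shown on this page and applies a few simple flags. The sample input is constructed from API lines copied from the records on this page (including the LoadLibraryW/GetProcAddress record that follows); the flag names and the heuristics behind them are the example's own, not report signatures.

```python
"""Group Joe Sandbox 'APIs' listings by function record and flag call chains.

Added example for reading reports of this shape; not Joe Sandbox code.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: API lines copied from this report's function records,
# in report order. Each record starts at 'APIs' and ends at 'Memory Dump Source'.
SAMPLE_REPORT = """\
APIs
• RegCloseKey.ADVAPI32(00000000), ref: 0070BBB3
Memory Dump Source
APIs
• VariantInit.OLEAUT32(?), ref: 006E8BCD
• VariantClear.OLEAUT32 ref: 006E8C3E
• VariantClear.OLEAUT32 ref: 006E8C9D
• VariantClear.OLEAUT32(?), ref: 006E8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006E8D3B
Memory Dump Source
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006F8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006F8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006F8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006F8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006F8C5F
Memory Dump Source
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00708F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00708FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00708FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00709032
• FreeLibrary.KERNEL32(00000000), ref: 00709052
  • Part of subcall function 0069F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006F1043,?,7644E610), ref: 0069F6E6
Memory Dump Source
"""

# One API line: optional 'Part of subcall function XXXX:' prefix, Api.MODULE,
# optional '(args)', then 'ref: <call-site address>'.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class Call:
    api: str
    module: str
    args: list               # raw argument tokens; '?' means not statically resolved
    ref: int                 # call-site address (hex in the report)
    subcall: Optional[str]   # caller function when the line came from a subcall


def parse_api_records(text):
    """Return one list of Calls per 'APIs' record, in report order."""
    records, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
        elif stripped == "Memory Dump Source":
            if current is not None:
                records.append(current)
            current = None
        elif current is not None:
            m = CALL_RE.match(line)
            if m:
                args = m.group("args")
                current.append(Call(api=m.group("api"), module=m.group("mod"),
                                    args=args.split(",") if args else [],
                                    ref=int(m.group("ref"), 16),
                                    subcall=m.group("sub")))
    return records


def direct_sequence(calls):
    """Direct calls of the record, ordered by call-site address (subcall lines belong
    to another function and are left out of the ordering)."""
    return [c.api for c in sorted((c for c in calls if c.subcall is None),
                                  key=lambda c: c.ref)]


def flag_record(calls):
    """Example heuristics (names are this script's own, not report signatures)."""
    apis = direct_sequence(calls)
    flags = set()
    load_idx = [i for i, a in enumerate(apis) if a.startswith("LoadLibrary")]
    gpa_idx = [i for i, a in enumerate(apis) if a == "GetProcAddress"]
    # LoadLibrary* before GetProcAddress in the same function: the PE import table
    # will not list what this function ends up calling.
    if load_idx and gpa_idx and min(load_idx) < max(gpa_idx):
        flags.add("dynamic-import-resolution")
        # Unloaded again in the same function: the module need not remain in the
        # loaded-module list of a later memory snapshot.
        if "FreeLibrary" in apis[max(gpa_idx):]:
            flags.add("transient-library-load")
    if any(a.startswith("WritePrivateProfile") for a in apis):
        flags.add("ini-file-write")
    if any(a.startswith("Reg") for a in apis):
        flags.add("registry-access")
    return flags


def summarize(text):
    """(api sequence, flags) per record, in report order."""
    return [(direct_sequence(rec), flag_record(rec)) for rec in parse_api_records(text)]


if __name__ == "__main__":
    for apis, flags in summarize(SAMPLE_REPORT):
        print(" -> ".join(apis), sorted(flags))
```

On the last record the script reports `dynamic-import-resolution` and `transient-library-load`; the function names passed to GetProcAddress appear as `?` in the report, i.e. they were not statically resolved, so recovering them from the memory dump referenced in the record is the next step if you want to know which imports that function actually reaches.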
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00708F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00708FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00708FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00709032
• FreeLibrary.KERNEL32(00000000), ref: 00709052
  • Part of subcall function 0069F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006F1043,?,7644E610), ref: 0069F6E6
  • Part of subcall function 0069F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,006DFA64,00000000,00000000,?,?,006F1043,?,7644E610,?,006DFA64), ref: 0069F70D
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 11259cfdbcf74c3564d433a2802d8485ca87b96f41d76b2618740a627b34470d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 44b17cb53cfefc509faa391df57bc977fa81b5d65d21e0483e08686afb26b037
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11259cfdbcf74c3564d433a2802d8485ca87b96f41d76b2618740a627b34470d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE515F74600206DFCB55EF68C4848ADBBF1FF49314F088298E945AB3A2DB35ED85CB95
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00716C33
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00716C4A
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00716C73
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,006FAB79,00000000,00000000), ref: 00716C98
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00716CC7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 53d7e09270870840ecba1fbfb7971b7a18b8b6da50b559d5cacb423113c46804
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c7158988340b6830d0bb6c646e9717466ffa69510f8b852065bddfbd37b9d64f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53d7e09270870840ecba1fbfb7971b7a18b8b6da50b559d5cacb423113c46804
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF41F375A04104AFDB25DF6CCC58FE97BA5EB09350F154268F895A72E0D379FD80CAA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9202ec4f3ac32b6af5118bdfc93044ab6605bc15e63d5e84537d2ccaaae7db36
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 55f4a22a6040ec0efb1c38e4832dfb7b08daaed515530476b1b7156127ee300b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9202ec4f3ac32b6af5118bdfc93044ab6605bc15e63d5e84537d2ccaaae7db36
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC41E4B2A00201AFCB20DF78C890A9DB7E6EF89314F158569E615EB351DB31AD41CB80
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00699141
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 0069915E
                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00699183
                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 0069919D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
• API String ID: 4210589936-0
• Opcode ID: f87de7fb2dfa6914234a2795ca81bb329566cd62f7d9ab017f1ec8dcfa341f36
• Instruction ID: a6c0fab8c9087d1608c2bdd32f9041c86fe9e0218073867c2c197261cbac8ef1
• Opcode Fuzzy Hash: f87de7fb2dfa6914234a2795ca81bb329566cd62f7d9ab017f1ec8dcfa341f36
• Instruction Fuzzy Hash: AD41607190851AFBDF159F68C848BEEB77AFB05324F24831AE425A33D0D7345951CBA1
APIs
• GetInputState.USER32 ref: 006F38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 006F3922
• TranslateMessage.USER32(?), ref: 006F394B
• DispatchMessageW.USER32(?), ref: 006F3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006F3966
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: c8baba99295c358c7801db3822418a89838f1d87db2e0f919d4ba1a9520fa82c
• Instruction ID: 29dd6928f13dda1e48474b41c03a3846e55b22155ddfc7478b7b48c315241c67
• Opcode Fuzzy Hash: c8baba99295c358c7801db3822418a89838f1d87db2e0f919d4ba1a9520fa82c
• Instruction Fuzzy Hash: BA310B7050439A9EEB35CB74D809BF637AAAB01342F44856DD662C23D0F3F8AA85CB15
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006FC21E,00000000), ref: 006FCF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 006FCF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,006FC21E,00000000), ref: 006FCFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006FC21E,00000000), ref: 006FCFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006FC21E,00000000), ref: 006FCFF2
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 055c0e4f62b65678cf32280da465afa934a81f9645766236cb9c6ef3475cc479
• Instruction ID: 643d37b21c79f8517c18e5240e2909cd89098bdab4de3a3fcefaff24fea838dc
• Opcode Fuzzy Hash: 055c0e4f62b65678cf32280da465afa934a81f9645766236cb9c6ef3475cc479
• Instruction Fuzzy Hash: 65314D7150520DAFDB20DFA9C9849BABBFAEF14360B10842EF616D2240DB34AE41DB64
APIs
• GetWindowRect.USER32(?,?), ref: 006E1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 006E19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 006E19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 006E19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 006E19E2
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: f8efd6a87f704a7096aa54d770483d769de8d682a150dc1f700c26c15100a90b
• Instruction ID: 036a0a19b3b9d73331086f1241dfc3e8e4936aeb41cb0e58e1f9efa7a54f45b7
• Opcode Fuzzy Hash: f8efd6a87f704a7096aa54d770483d769de8d682a150dc1f700c26c15100a90b
• Instruction Fuzzy Hash: 5431AF71900259EFCB00CFADC999ADE3BB6EB05315F108229F921AB2D1C7709944DB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00715745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0071579D
• _wcslen.LIBCMT ref: 007157AF
• _wcslen.LIBCMT ref: 007157BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00715816
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8705210395be794540cc747e99426f178fd5f5c90eca7118bff3159de9194dcb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5828e986e301b1dd3c5145f08e536d0ca607b48421047524b4127efb9da89108
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8705210395be794540cc747e99426f178fd5f5c90eca7118bff3159de9194dcb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A621A271904618DADB209FA8CC85EEEB7B8FF84725F108256E929EA1C0D77899C5CF50
APIs
• IsWindow.USER32(00000000), ref: 00700951
• GetForegroundWindow.USER32 ref: 00700968
• GetDC.USER32(00000000), ref: 007009A4
• GetPixel.GDI32(00000000,?,00000003), ref: 007009B0
• ReleaseDC.USER32(00000000,00000003), ref: 007009E8
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 0e541dbb40284f6986e9996bf7cc1ba92a5e868a5161dd9599e9d40e07418a58
• Instruction ID: ce9a09c70a09412fce0472feebfa7a1131a2acc9a76ba36f60723dba2fb57701
• Opcode Fuzzy Hash: 0e541dbb40284f6986e9996bf7cc1ba92a5e868a5161dd9599e9d40e07418a58
• Instruction Fuzzy Hash: 3A218179600204EFD744EFA9D884AAEBBF5EF45750F04C16CE94A973A2DB74AC04CB94
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 006BCDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006BCDE9
  • Part of subcall function 006B3820: RtlAllocateHeap.NTDLL(00000000,?,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6,?,00681129), ref: 006B3852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 006BCE0F
• _free.LIBCMT ref: 006BCE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006BCE31
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 113c645581917d927da657490009b2609c83e4e3bd467bdcd8a6d70af81a8609
• Instruction ID: 528ff0e1bd62f75f7aee231e4b2bb34b5a8bcef147efe3153d807b0bf76310ea
• Opcode Fuzzy Hash: 113c645581917d927da657490009b2609c83e4e3bd467bdcd8a6d70af81a8609
• Instruction Fuzzy Hash: 1801D8F2601215BF632216BA6C48CFB696EDEC6FB1315412DF905DB240DA64CE4393B5
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00699693
• SelectObject.GDI32(?,00000000), ref: 006996A2
• BeginPath.GDI32(?), ref: 006996B9
• SelectObject.GDI32(?,00000000), ref: 006996E2
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 27a5f95f305024d6c2a509097401d5b38bcde6f284f88d41e6c1be34a06fe9bd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b41cc71033a5f3f6975bc4dd06e218e2140ad19c81d453222aedfa8ca323aeb3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27a5f95f305024d6c2a509097401d5b38bcde6f284f88d41e6c1be34a06fe9bd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96218370801385EBEF119F6CEC047E93B6ABB11357F50821AF411962F0D3B8A851CBA8
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7ed3f2e527eeaf5bb8f1d8e5837baac3a8743aa470f188a27fe42aff7a05f33b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 179270f8e766e5ca211d70f9a2590622e2e6e09bca9f6f579aa5f19afee47402
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ed3f2e527eeaf5bb8f1d8e5837baac3a8743aa470f188a27fe42aff7a05f33b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D501F9E1242705FBDB08A9169D52FFB735F9B22398F000024FD069E281FB60ED6186F4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,006AF2DE,006B3863,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6), ref: 006B2DFD
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2E32
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2E59
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00681129), ref: 006B2E66
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00681129), ref: 006B2E6F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c216e24e8a408a3c3fcfdf8ed92efdd46cbcfcb03032b2f51a13933133d8406c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7b558b3436141b4c706b7d57da68c86ccf293a56e590ad64b63e37e26781489c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c216e24e8a408a3c3fcfdf8ed92efdd46cbcfcb03032b2f51a13933133d8406c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB0149F624560227C613277A6C96DEB16DBABC6761720842CF824A23D2EF38CCC30324
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?,?,006E035E), ref: 006E002B
                                                                                                                                                                                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?), ref: 006E0046
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?), ref: 006E0054
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?), ref: 006E0064
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006DFF41,80070057,?,?), ref: 006E0070
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f0e7e1084e25455880687d4814d34dcb20c73182debff609b6f72c54fb2f606c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8226634a45f2bd35a7a9c21f32db7eb648588b9d11e9d46bc288547ee3f481ec
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0e7e1084e25455880687d4814d34dcb20c73182debff609b6f72c54fb2f606c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B01A272641304BFEB119FAADC44BEA7AEEEF44751F148124F905D6250D7B5DD808BA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 006EE997
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 006EE9A5
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 006EE9AD
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 006EE9B7
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32 ref: 006EE9F3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dd50e03af6b41e49409f543ecac73e44994e7d7edff7ac90150a162036ea818f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9b77edd85017200425632d322928a549012e9c83520f46c3fcd6f932c7772e83
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd50e03af6b41e49409f543ecac73e44994e7d7edff7ac90150a162036ea818f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD018471C4262DDBCF009FE5DC596EDBBB9FF08301F108546E501B2241CB395551C765
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006E1114
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1120
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E112F
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006E0B9B,?,?,?), ref: 006E1136
                                                                                                                                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006E114D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 10f6991939e30acda66da9cec73150d6eebf5b70adee39a7d530579242186fec
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3e377c470aa9cb9e3128ec2bf473b5fae4201f65a918faff4e5f50c7f4611ea2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10f6991939e30acda66da9cec73150d6eebf5b70adee39a7d530579242186fec
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 050181B9141305BFDB124FA9DC49EEA3F6EEF86360B108414FA41C7390DB75DC009A60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006E0FCA
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006E0FD6
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006E0FE5
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006E0FEC
                                                                                                                                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006E1002
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 47ef24ee7068f4b495749fe5f9e67395b78ff5cd9138d4f9743b4e1edbdd67c3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2cb3d9a1b22e964839aaabba9812f6b15a3819c1cf612b178202b8399521aa38
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47ef24ee7068f4b495749fe5f9e67395b78ff5cd9138d4f9743b4e1edbdd67c3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32F0AF79281305BBD7220FA99C49F963B6EEF8A761F118414F905CA290DA34DC409A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006E102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006E1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006E1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006E104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006E1062
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
APIs
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F0324
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F0331
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F033E
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F034B
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F0358
• CloseHandle.KERNEL32(?,?,?,?,006F017D,?,006F32FC,?,00000001,006C2592,?), ref: 006F0365
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• _free.LIBCMT ref: 006BD752
  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
• _free.LIBCMT ref: 006BD764
• _free.LIBCMT ref: 006BD776
• _free.LIBCMT ref: 006BD788
• _free.LIBCMT ref: 006BD79A
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetDlgItem.USER32(?,000003E9), ref: 006E5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 006E5C6F
• MessageBeep.USER32(00000000), ref: 006E5C87
• KillTimer.USER32(?,0000040A), ref: 006E5CA3
• EndDialog.USER32(?,00000001), ref: 006E5CBD
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e9160fb07824f9143db8ec18d1a53564f7883bbdebadc5a882a2ca99ec554013
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1dfdf8945015f7fabab999fd9f197e2048975d2e9162f370cb039c3bb803b5fc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9160fb07824f9143db8ec18d1a53564f7883bbdebadc5a882a2ca99ec554013
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1601F430540B04ABEB215B55DD5EFE677B9BF04F09F00825DB283A10E1DBF4A985CB95
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B22BE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000), ref: 006B29DE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006B29C8: GetLastError.KERNEL32(00000000,?,006BD7D1,00000000,00000000,00000000,00000000,?,006BD7F8,00000000,00000007,00000000,?,006BDBF5,00000000,00000000), ref: 006B29F0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B22D0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B22E3
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B22F4
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 006B2305
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4965d8c59828258617c1f43929f785d28bb10a8cda88900588a2997986fae4a2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 029e520742f4338c7ee93839f7d13ed41aa7cb2cff7a78f7d6a29098f28867cd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4965d8c59828258617c1f43929f785d28bb10a8cda88900588a2997986fae4a2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BF030B45013119B8693BF55BC119D83BA6B719B53B418A0FF418D22B1C77C05919BED
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 006995D4
                                                                                                                                                                                                                                                                                                                                                                                • StrokeAndFillPath.GDI32(?,?,006D71F7,00000000,?,?,?), ref: 006995F0
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00699603
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 00699616
                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00699631
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 05a3c40fb9eaa45747d03459a57ae5f921b691e384469abb6177a14d918577b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1a7bb8ccfcc06d32cbd7a72bf30d5e8b58214ff988e3bce47ec405ff13e644e4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05a3c40fb9eaa45747d03459a57ae5f921b691e384469abb6177a14d918577b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0F03C30045388EBDB125FADED1C7E93B66AB05323F44C218F465955F0C7B89992DF68
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a7b8b207f47fa5c15da38d3479075b7a304a5a2cf3f1fc2dd47014b0e1fa9d59
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 979aaa51b8f8b8741a05ad17542029286eb12f4d24b75d094f7b746b90c1f886
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7b8b207f47fa5c15da38d3479075b7a304a5a2cf3f1fc2dd47014b0e1fa9d59
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83D1D3B1900205EADB249F68C865BFAB7B2EF07300F98415AE9019F751E7759EC1CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A0242: EnterCriticalSection.KERNEL32(0075070C,00751884,?,?,0069198B,00752518,?,?,?,006812F9,00000000), ref: 006A024D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A0242: LeaveCriticalSection.KERNEL32(0075070C,?,0069198B,00752518,?,?,?,006812F9,00000000), ref: 006A028A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A00A3: __onexit.LIBCMT ref: 006A00A9
                                                                                                                                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00706238
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A01F8: EnterCriticalSection.KERNEL32(0075070C,?,?,00698747,00752514), ref: 006A0202
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A01F8: LeaveCriticalSection.KERNEL32(0075070C,?,00698747,00752514), ref: 006A0235
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006F359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006F35E4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006F359C: LoadStringW.USER32(00752390,?,00000FFF,?), ref: 006F360A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                                                • String ID: x#u$x#u$x#u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1072379062-3372033415
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c7e5d70dcadb555aa2d944832df6407f8b9847b0932d103f2203d0590a45fd1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 83a7115a5ccbf13789dca1e197f730ace9ef7ef69fc27306bbc20b3f918893c8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7e5d70dcadb555aa2d944832df6407f8b9847b0932d103f2203d0590a45fd1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87C16C71A00105EFDB14EF98C8A0EBAB7FAEF49310F148169F9059B291DB74EE55CB90
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: JOh
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-3066325924
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ecc4b3bdf2563cb7e37261f740811eeb550613505cd0ee5565491893f168cc8e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 32783232c119bfed01e7ec13fcac915130d22e02071208362f0d8845b90c30ec
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecc4b3bdf2563cb7e37261f740811eeb550613505cd0ee5565491893f168cc8e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D5191B5D006099FDB21AFE4C845FEE7FBBAF05310F14005DF406A7292D7759A828B66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 006B8B6E
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 006B8B7A
                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 006B8B81
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .j
• API String ID: 2434981716-79812232
APIs
  • Part of subcall function 006EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006E21D0,?,?,00000034,00000800,?,00000034), ref: 006EB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 006E2760
  • Part of subcall function 006EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 006EB3F8
  • Part of subcall function 006EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 006EB355
  • Part of subcall function 006EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,006E2194,00000034,?,?,00001004,00000000,00000000), ref: 006EB365
  • Part of subcall function 006EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,006E2194,00000034,?,?,00001004,00000000,00000000), ref: 006EB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006E27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006E281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 006B1769
• _free.LIBCMT ref: 006B1834
• _free.LIBCMT ref: 006B183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-3695852857
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 006EC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 006EC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00751990,01195ED0), ref: 006EC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 02992e7b721a6e92ad838a7d4e0ed83e6a23b6303a3d01c2a345f75625649a5b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e0b0ee1d822b1d8a41f629966620aa9524f7c06c27783c3a5079f4477d8bb3a0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02992e7b721a6e92ad838a7d4e0ed83e6a23b6303a3d01c2a345f75625649a5b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4141B2312053819FD720DF2AD844F5ABBEAAF85320F14861DF9A5973D1D730E906CB66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0071CC08,00000000,?,?,?,?), ref: 007144AA
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 007144C7
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007144D7
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8a93001cdf380636ef96fa7e1ea5313f18e30332942b452617c61f4353cfc4ca
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a21e08c61efc0155124b6926aa5db5d91eea72b9db3d0759a5f8a0566741bb38
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a93001cdf380636ef96fa7e1ea5313f18e30332942b452617c61f4353cfc4ca
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D431AD71200245AFDF219E7CDC45BEA7BAAEB08334F208319F975921D0D778ECA09B50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SysReAllocString.OLEAUT32(?,?), ref: 006E6EED
                                                                                                                                                                                                                                                                                                                                                                                • VariantCopyInd.OLEAUT32(?,?), ref: 006E6F08
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 006E6F12
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *jn
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2173805711-4286829910
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9e961724a0915d85b89fb862147c2197663847a5b5587292ca839aad089fbd39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 074cf53fc732d0ae1dfa09320a9dccb7db5a601c74d4dab5adb2610fda154007
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e961724a0915d85b89fb862147c2197663847a5b5587292ca839aad089fbd39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF31C171605385DBCB05AFA6E8508BD3777FF61340B100598F9024B2B1CB349912DB95
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0070335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00703077,?,?), ref: 00703378
                                                                                                                                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0070307A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0070309B
                                                                                                                                                                                                                                                                                                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00703106
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9eb66ee70efd13f6eba387dac90acffba912a18e4ffcba7d7b4d9bf29baaaab5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 52772c350d589e5bc8a0812036ef79a33054c0675f84e78126461df76bab8e3d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eb66ee70efd13f6eba387dac90acffba912a18e4ffcba7d7b4d9bf29baaaab5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD31D339200205DFDB10DF68C485EAAB7E9EF54318F248259E8158B3D2DB7AEE45C760
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00713F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00713F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00713F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: c3d022ccd89edd8e230fe556a14b4f6c0567b6243e877171cb3cd80911772643
• Instruction ID: 465ee3997e950724f894f8000b8add42f5da87eba0f4dd5868ea7f22f0c20bd9
• Opcode Fuzzy Hash: c3d022ccd89edd8e230fe556a14b4f6c0567b6243e877171cb3cd80911772643
• Instruction Fuzzy Hash: 5221AD32600219BBDF218E94CC46FEA3B79EB48724F114218FA157B1D0D6B9A995CB90
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00714705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00714713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0071471A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 69347577664d89f6202c3a966cb3a63eb175ba69f58274aee099bf5dbdfe81c2
• Instruction ID: 4879eb1731d475bc1c6e9ee3571b05b3ac828b344a4328373ac06ec3e4794aad
• Opcode Fuzzy Hash: 69347577664d89f6202c3a966cb3a63eb175ba69f58274aee099bf5dbdfe81c2
• Instruction Fuzzy Hash: 4B215CB5600209AFEB11DF68DC81DA737ADEB4A7A8B044059FA009B291CB75EC51CA64
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 6a5cd3c291d0c5962aedf2b510fd7a92538cc4f029f2b74c3c5c8777abf4642f
• Instruction ID: dbeb9a3e56b062991a9798e1751821d676861e926720b6c5def7a22d2bfe328a
• Opcode Fuzzy Hash: 6a5cd3c291d0c5962aedf2b510fd7a92538cc4f029f2b74c3c5c8777abf4642f
• Instruction Fuzzy Hash: F2213B7220579066D731BB2A9C02FFB739AAF51300F10442AF94997282EB559D81C3B9
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00713840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00713850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00713876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: de17cb2494df1e57bf60c581c2c9d4edb3cdff16e9cac8095c5f8eb66027017b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 84a932e2d7bcb9f77de2a4aec3b67756dc0f6c11f748da5cee939894e7034365
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de17cb2494df1e57bf60c581c2c9d4edb3cdff16e9cac8095c5f8eb66027017b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF217C72610218BBEF219F98DC85EEB376AEF89760F108124F9049B1D0C6799C9287A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 006F4A08
                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006F4A5C
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,0071CC08), ref: 006F4AD0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e140a390ad9e5a7d374d492a508335f1f5a122a1cca5b98aa26c017e4d8c9ee8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0e1f59ffa11e7359ca0cf5d1c3b4739ca8f7ff48c10453ea25adfcd541209480
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e140a390ad9e5a7d374d492a508335f1f5a122a1cca5b98aa26c017e4d8c9ee8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4318E70A40108AFDB11DF58C881EBA7BF9EF09308F1480A8E909DB252DB75ED46CB65
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0071424F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00714264
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00714271
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1e203c44c73f9d5ecf89dcb0da74873f59cf3906197f034026c5e1117112dc85
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: eb950357a1d6f49c5018ef538d49c50dfd44de45563535c01931d0b3e8f95b71
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e203c44c73f9d5ecf89dcb0da74873f59cf3906197f034026c5e1117112dc85
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0211E331240208BEEF205E68CC06FEB3BACFF95B64F114114FA55E20D0D275DC919B14
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006E2DC5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 006E2DD6
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E2DA7: GetCurrentThreadId.KERNEL32 ref: 006E2DDD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006E2DE4
                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 006E2F78
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E2DEE: GetParent.USER32(00000000), ref: 006E2DF9
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 006E2FC3
                                                                                                                                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(?,006E303B), ref: 006E2FEB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 787186279592c2bcee0070025aaa4bb17a77cf7b36988b071d2d179d00eb1a4a
• Instruction ID: da96012c193a189ece0e8e65f4b6ffb2999ff989af360441f7fca19217ab902e
• Opcode Fuzzy Hash: 787186279592c2bcee0070025aaa4bb17a77cf7b36988b071d2d179d00eb1a4a
• Instruction Fuzzy Hash: DA11E4B1600345ABCF417FB5CC9AEEE376BAF84304F048079FA099B292DE3499458B74
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007158C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007158EE
• DrawMenuBar.USER32(?), ref: 007158FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 63f66b04e95393c6de655f69f9b853683bf7baa6b3501686f963fa5cfc066d03
• Instruction ID: d6d2a4126fd26917b287389507e3995f04b34db660423844ba1dc737b2897208
• Opcode Fuzzy Hash: 63f66b04e95393c6de655f69f9b853683bf7baa6b3501686f963fa5cfc066d03
• Instruction Fuzzy Hash: D901AD31500258EFDB219F59DC44BEEBBB9FB85360F10C099E848D6191DB349AD0DF21
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6243a16004bbf746d7a94e7d27720ea00db91d3a09e976449291ba4afb14f6b0
• Instruction ID: 84e1bd43d49cb5f501eaa9b05617d5a3b1d592f5448d8246f9f66e873129d7ba
• Opcode Fuzzy Hash: 6243a16004bbf746d7a94e7d27720ea00db91d3a09e976449291ba4afb14f6b0
• Instruction Fuzzy Hash: D3C18D75A01256EFEB14CFA5C884AAEB7B6FF48304F208598E505EF251C771DE82CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: dbaaa77f812ec49ad6dce3cac41db4cf61b429f5c583fc10ab8f54f15e953889
• Instruction ID: 2c74c124ea394b5e56b9bfd071a3e8384b30236f031704af410fcba97be36a44
• Opcode Fuzzy Hash: dbaaa77f812ec49ad6dce3cac41db4cf61b429f5c583fc10ab8f54f15e953889
• Instruction Fuzzy Hash: 8DA12A75604200DFC740EF28C485A2AB7E9FF88714F148A5DF9999B3A2DB35ED01CB56
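Added example, not part of this report or of Joe Sandbox's own tooling: a small Python parser for function entries in the layout shown above (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity). It turns each entry into a record with its API calls and their `ref:` addresses, the dump's load offset, and the Similarity fields (API ID, fuzzy hashes), and converts a `ref:` into an RVA by subtracting the dump base, which is what you need to line these addresses up with the on-disk PE or a local IDA database. The layout it assumes is exactly the rendered form on this page (section headers on their own line, `•` bullets, `Download File` link text glued to the Associated dumps); the embedded sample is an abridged, constructed copy of the GetMenuItemInfoW and ProgIDFromCLSID entries from this page, including a deliberately truncated final entry.

```python
"""Parse Joe Sandbox per-function entries (APIs / Strings / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity) into records for triage and clustering.
Added example; not part of the report or of Joe Sandbox's own tooling."""
import re
from dataclasses import dataclass, field

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}
# Matches "GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007158C1" and also
# CRT entries with no argument list, e.g. "_memcmp.LIBVCRUNTIME ref: 006E064E".
API_RE = re.compile(r"^(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: int  # virtual address inside the dumped image


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    associated: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # "API ID", "Instruction Fuzzy Hash", ...


def parse_entries(text):
    """An entry ends at its 'Instruction Fuzzy Hash' line; a truncated
    trailing entry (as at the end of a cut-off page) is kept as well."""
    entries, cur, section = [], FunctionEntry(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
            continue
        if not line.startswith("\u2022"):
            continue
        item = line.lstrip("\u2022").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = tuple(m["args"].split(",")) if m["args"] else ()
                cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
        elif section == "Strings":
            cur.strings.append(item)
        else:
            key, sep, value = item.partition(":")
            if not sep:
                continue
            key, value = key.strip(), value.strip()
            if key == "Associated":
                # drop the "Download File" link text left over from the HTML page
                cur.associated.append(value.removesuffix("Download File").strip())
            else:
                cur.fields[key] = value
            if key == "Instruction Fuzzy Hash":
                entries.append(cur)
                cur, section = FunctionEntry(), None
    if cur.apis or cur.fields:
        entries.append(cur)
    return entries


def image_base(entry):
    """Load address of the dump the entry came from ('..., Offset: 00680000, ...')."""
    m = OFFSET_RE.search(entry.fields.get("Source File", ""))
    return int(m.group(1), 16) if m else None


def rva(entry, call):
    """Refs are VAs at the sandbox load address; subtracting the dump base
    gives an RVA that lines up with the on-disk PE or a local IDA database."""
    return call.ref - image_base(entry)


# Constructed sample: abridged copies of two entries from this report.
SAMPLE = """\
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007158C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007158EE
• DrawMenuBar.USER32(?), ref: 007158FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Instruction Fuzzy Hash: D901AD31500258EFDB219F59DC44BEEBBB9FB85360F10C099E848D6191DB349AD0DF21
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E0608
• CLSIDFromProgID.OLE32(?,?,00000000,0071CC40,000000FF,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E062D
• _memcmp.LIBVCRUNTIME ref: 006E064E
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
"""
```

`parse_entries(SAMPLE)` yields two records; the Instruction Fuzzy Hash of the first can be fed to a similarity index, and `rva(entry, call)` maps the report's `ref: 007158C1` to RVA 0x958C1 in the 0x680000-based dump. Calls whose argument lists are unknown keep the `?` placeholders verbatim, so nothing is guessed about the original call site.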
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E0608
• CLSIDFromProgID.OLE32(?,?,00000000,0071CC40,000000FF,?,00000000,00000800,00000000,?,0071FC08,?), ref: 006E062D
• _memcmp.LIBVCRUNTIME ref: 006E064E
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 989965c19e0f2571d7c248af9ca5783e84bf0fb611c9ea969c51988cc56be55f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d4a15aca9fd2fdfc9aa075bab55f9b0f3f252b4625974a582bccc6be8bdece47
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 989965c19e0f2571d7c248af9ca5783e84bf0fb611c9ea969c51988cc56be55f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2811B71A00209EFDB04DF94C984EEEB7BAFF89315F204558E516AB250DB71AE46CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0070A6AC
                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0070A6BA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0070A79C
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0070A7AB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0069CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006C3303,?), ref: 0069CE8A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0320122fa247547661bcb0439924b068fb9e3ecef3d7e9d45efbaaf53e2e0f06
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 17d48455067efc370e34576ec1d2ba180b3352cd2d911ec1e694432d118ae1bb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0320122fa247547661bcb0439924b068fb9e3ecef3d7e9d45efbaaf53e2e0f06
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02517FB1508300AFD750EF24C885E6BBBE9FF89754F008A2DF58597291EB34D904CB96
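The Toolhelp32 record above (CreateToolhelp32Snapshot, Process32FirstW/NextW, CloseHandle, with CompareStringW reached through a subcall) is the API chain a triager reads as "walk the process list and compare names", which is the pattern behind the report's sandbox-detection signature; the socket(00000002,00000002,00000011) call listed further down decodes to AF_INET, SOCK_DGRAM, IPPROTO_UDP. The following helper is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses the per-function "APIs" listings in the format shown on this page, decodes the concrete arguments with standard Win32 constants (CompareStringW locale 0x0409 and flag 0x1 = NORM_IGNORECASE; socket family/type/protocol), and emits triage findings. The two sample inputs are copied from this report; the function names `parse_calls` and `triage`, the rule wording, and the selection of which chains to flag are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two "APIs" listings from this report, copied
# verbatim from the Joe Sandbox function records (not live sandbox output).
SAMPLE_PROCESS_WALK = """
• CreateToolhelp32Snapshot.KERNEL32 ref: 0070A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0070A6BA
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0070A79C
• CloseHandle.KERNEL32(00000000), ref: 0070A7AB
  • Part of subcall function 0069CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006C3303,?), ref: 0069CE8A
"""

SAMPLE_SOCKET = """
• socket.WSOCK32(00000002,00000002,00000011), ref: 00701AFD
• WSAGetLastError.WSOCK32 ref: 00701B0B
"""

# One listing line: optional "Part of subcall function X:" prefix, Api.MODULE,
# optional (hex args / '?' for unknown), then "ref: <address>".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Standard Win32 / Winsock constants used for argument decoding.
ADDRESS_FAMILY = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOL = {0: "IPPROTO_DEFAULT", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
NORM_IGNORECASE = 0x1


@dataclass
class Call:
    api: str
    module: str
    args: List[Optional[int]]   # int for concrete hex values, None for '?'
    ref: int                    # call-site address from the listing
    subcall_of: Optional[int]   # address of the subcall function, if any


def parse_calls(text: str) -> List[Call]:
    """Parse a Joe Sandbox 'APIs' listing into Call records (assumed helper)."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [
            None if a.strip() == "?" else int(a.strip(), 16) for a in raw.split(",")
        ]
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
    return calls


def triage(calls: List[Call]) -> List[str]:
    """Map API chains to human-readable findings (rule wording is my assumption)."""
    names = {c.api for c in calls}
    findings = []
    # Toolhelp32 process walk: snapshot + Process32Next(W) is the enumeration core.
    if "CreateToolhelp32Snapshot" in names and names & {"Process32NextW", "Process32Next"}:
        finding = "process enumeration via Toolhelp32 snapshot"
        cmps = [c for c in calls if c.api.startswith(("CompareString", "lstrcmp"))]
        if cmps:
            flags = cmps[0].args[1] if len(cmps[0].args) > 1 else None
            ci = " (case-insensitive)" if flags is not None and flags & NORM_IGNORECASE else ""
            finding += ("; process names compared%s: consistent with analysis-tool/sandbox "
                        "checks or target-process hunting" % ci)
        findings.append(finding)
    # Decode socket(af, type, protocol) when all three arguments are concrete.
    for c in calls:
        if c.api == "socket" and len(c.args) == 3 and None not in c.args:
            af, ty, pr = c.args
            findings.append("socket(%s, %s, %s) at %08X" % (
                ADDRESS_FAMILY.get(af, hex(af)), SOCK_TYPE.get(ty, hex(ty)),
                PROTOCOL.get(pr, hex(pr)), c.ref))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_PROCESS_WALK, SAMPLE_SOCKET):
        for f in triage(parse_calls(sample)):
            print(f)
```

The parser keeps `?` arguments as `None` rather than guessing them, so a rule only fires on values the report actually recorded; the Toolhelp32 rule deliberately requires Process32Next(W), since a snapshot plus a single Process32First is also used by benign self-lookup code.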
APIs
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 3e990e7bc1f3114f91cf5418156f68f9cb8e81fd50233e14b6c3d29f0cff5052
• Instruction ID: db5b4b0e61c642620a04a0c4f1857d85aef75404926a7e10181406f57980a00f
• Opcode Fuzzy Hash: 3e990e7bc1f3114f91cf5418156f68f9cb8e81fd50233e14b6c3d29f0cff5052
• Instruction Fuzzy Hash: F741E271A00500AADB297BF98C45FFE3AE7EF43360F24862DF419DA293E63489415766
APIs
• GetWindowRect.USER32(?,?), ref: 007162E2
• ScreenToClient.USER32(?,?), ref: 00716315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00716382
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: ca6e1498bafd7f1c9dd890ee8d836b406c3e9bb32d6676a054c3610b2a9ab8af
• Instruction ID: 83e68f3c1de97b955bfa9604f9cc9a5a656a2c20ccac65f7bd7d9aadcdc7cccc
• Opcode Fuzzy Hash: ca6e1498bafd7f1c9dd890ee8d836b406c3e9bb32d6676a054c3610b2a9ab8af
• Instruction Fuzzy Hash: A7512974A00249AFDF10DF68D880AEE7BB6FB45361F108259F9259B2D0D774ED81CB50
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00701AFD
• WSAGetLastError.WSOCK32 ref: 00701B0B
                                                                                                                                                                                                                                                                                                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00701B8A
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00701B94
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 24fcd095b16101a75e697fc1d175f47a11f4554c86e63eaca114ef3c711177ef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 737efb72bca5de69285b2128bd3c4e858b35191017bc667fc96ef2e26df238bc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24fcd095b16101a75e697fc1d175f47a11f4554c86e63eaca114ef3c711177ef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B741BF74640200AFE720AF24C886F2A77E6AF44718F54C58CFA1A9F6D2D776DD41CB94
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 73b2dc97920a4e35d1de2f844ed08101781efd09b3d57db4a6be83ea4d628c90
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf2a45741105707f283628327db68e363f9e540b41a8e3654b6c6d2114f3a2a4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73b2dc97920a4e35d1de2f844ed08101781efd09b3d57db4a6be83ea4d628c90
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC410AB2A00704AFD724AF78CC41BEA7BEAEF89710F10453EF145DB282D7B199818784
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006F5783
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 006F57A9
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006F57CE
                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006F57FA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 109be95fca54ca276b61d1e8c7f43d0be3ab86782cc70e043cecd2cc4ef7e8f7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1d8cc51ad067fe2eea77a736ae493d8e8da2d456e4610d474533ff9dcd4f69ad
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 109be95fca54ca276b61d1e8c7f43d0be3ab86782cc70e043cecd2cc4ef7e8f7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13414C39600610DFCB11EF55C444A5EBBE2FF89720B18C488EA5AAB362CB35FD40CB95
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,006A6D71,00000000,00000000,006A82D9,?,006A82D9,?,00000001,006A6D71,?,00000001,006A82D9,006A82D9), ref: 006BD910
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006BD999
                                                                                                                                                                                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 006BD9AB
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 006BD9B4
• Part of subcall function 006B3820: RtlAllocateHeap.NTDLL(00000000,?,00751444,?,0069FDF5,?,?,0068A976,00000010,00751440,006813FC,?,006813C6,?,00681129), ref: 006B3852
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 4900d671d626bce7349f1829de0dd05917ed5ed5057f5e709339fa55109c6152
• Instruction ID: 1c2e6b1d099f435114b9fbdd8e03c5ded51c3c63844e47ffca0265df5192e556
• Opcode Fuzzy Hash: 4900d671d626bce7349f1829de0dd05917ed5ed5057f5e709339fa55109c6152
• Instruction Fuzzy Hash: 2D31BEB2A0020AABDF25AF64DC41EEE7BA6EB41310F054168FC04DB290EB35CD91CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00715352
• GetWindowLongW.USER32(?,000000F0), ref: 00715375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00715382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007153A8
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: 37377b80a10351b257dd968f0bbeae65e9839eeaa55664da1ef4de14448655a6
• Instruction ID: 4aa0661b1ddc6998ceea9d4816e323d26d9e37576da0ab04fbbfa5d373affef5
• Opcode Fuzzy Hash: 37377b80a10351b257dd968f0bbeae65e9839eeaa55664da1ef4de14448655a6
• Instruction Fuzzy Hash: 6D31C634A55A08EFEB3D9E5CCC06BE83766AB84394F948102FA20971E1C7BC9DC0E755
APIs
• GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 006EABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 006EAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 006EAC74
• SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 006EACC6
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 688b63ef2ee4637e5f2ae7d36e986f6b9beec87af3bab645bbd12c235d67f164
• Instruction ID: 8746983256eb24dfcfe87cabca89b551458b5fc3fe3523e6b9d8fd51281c9b28
• Opcode Fuzzy Hash: 688b63ef2ee4637e5f2ae7d36e986f6b9beec87af3bab645bbd12c235d67f164
• Instruction Fuzzy Hash: 78312830A413986FFF35CBA68C047FA7BA7AF85B10F28821AE485562D0C374A9858756
APIs
• ClientToScreen.USER32(?,?), ref: 0071769A
• GetWindowRect.USER32(?,?), ref: 00717710
• PtInRect.USER32(?,?,00718B89), ref: 00717720
• MessageBeep.USER32(00000000), ref: 0071778C
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: ace0a8981adb45124ff19d8e3759c5875b37ad8b344dc810f9d536dbd4bd9003
• Instruction ID: 64dc86587b32a99eadc1e18d98932ad05b5c3fdac91e43b9a47ec7d59526c697
• Opcode Fuzzy Hash: ace0a8981adb45124ff19d8e3759c5875b37ad8b344dc810f9d536dbd4bd9003
• Instruction Fuzzy Hash: 6B419C34605254DFCB05CF5CC894EE9B7F5BB49311F5580A8E4149B2E1C378E981CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 007116EB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006E3A57
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E3A3D: GetCurrentThreadId.KERNEL32 ref: 006E3A5E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006E25B3), ref: 006E3A65
                                                                                                                                                                                                                                                                                                                                                                                • GetCaretPos.USER32(?), ref: 007116FF
                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 0071174C
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00711752
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f7b6aab00cb6e277591bdd8404e698575b31d976c50190391a9ceb0bc8ff326e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 29d7beb3432850d10377e52aa84e545402ec6db1bdd41f522bb22b548d989b44
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7b6aab00cb6e277591bdd8404e698575b31d976c50190391a9ceb0bc8ff326e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B315E71D00249AFDB00EFA9C885CEEBBFAEF88304B5080ADE515E7251D635DE45CBA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00719001
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,006D7711,?,?,?,?,?), ref: 00719016
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 0071905E
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,006D7711,?,?,?), ref: 00719094
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4d3d2b1a2f54673a8c9d4933fad4f0a555b725e5b2f635a2654508f41021eb4d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f640edbf4b61e50c8ae27a3d69e1952d44f3b2824eb6bbec5c524d23973d230f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d3d2b1a2f54673a8c9d4933fad4f0a555b725e5b2f635a2654508f41021eb4d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2219435600114EFCB15CF98CC65EEA7BB9EB49361F148069F605471A1C379AD91DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,0071CB68), ref: 006ED2FB
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 006ED30A
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 006ED319
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0071CB68), ref: 006ED376
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 2f4172ccb3b0fe11fd72d85ed796b6c828893a4b3186a8091109b022c6fa225f
• Instruction ID: d7c2d6b21841dd35621ba13d8a942d847db297e4eb1db733f144a7e9f194c870
• Opcode Fuzzy Hash: 2f4172ccb3b0fe11fd72d85ed796b6c828893a4b3186a8091109b022c6fa225f
• Instruction Fuzzy Hash: F621D1B054A3019F8310EF69C8818AEB7E5EE56324F108A1DF499D72E1DB30D946CB97
APIs
  • Part of subcall function 006E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006E102A
  • Part of subcall function 006E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006E1036
  • Part of subcall function 006E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006E1045
  • Part of subcall function 006E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006E104C
  • Part of subcall function 006E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006E1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006E15BE
• _memcmp.LIBVCRUNTIME ref: 006E15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006E1617
• HeapFree.KERNEL32(00000000), ref: 006E161E
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 81cdc8215f68a1446b562ce184d93ef7555cebd244edcec026bf8c2eb568597a
• Instruction ID: 5a62381dc01d47f44e86883075baaf44a99f4c797b0695c9c5f0c50b6c44581d
• Opcode Fuzzy Hash: 81cdc8215f68a1446b562ce184d93ef7555cebd244edcec026bf8c2eb568597a
• Instruction Fuzzy Hash: 1A21A171E41208EFDF00DFA5C945BEEB7B9EF45354F088459E445AB241D734AE09EB90
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0071280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00712824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00712832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00712840
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 8601dc432ba3c4bb5932997a0e7ac8864def07fcf52579425616110a35f34fb8
• Instruction ID: 9128c6840f562bc1f1398d83dd89be320351c258df5b1c0567da3009fdf0aff4
• Opcode Fuzzy Hash: 8601dc432ba3c4bb5932997a0e7ac8864def07fcf52579425616110a35f34fb8
• Instruction Fuzzy Hash: AB21D331204111AFE7159B28C844FEA7B96AF85324F248258F5268B6E3CB79FC92C7D0
APIs
  • Part of subcall function 006E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,006E790A,?,000000FF,?,006E8754,00000000,?,0000001C,?,?), ref: 006E8D8C
  • Part of subcall function 006E8D7D: lstrcpyW.KERNEL32(00000000,?,?,006E790A,?,000000FF,?,006E8754,00000000,?,0000001C,?,?,00000000), ref: 006E8DB2
  • Part of subcall function 006E8D7D: lstrcmpiW.KERNEL32(00000000,?,006E790A,?,000000FF,?,006E8754,00000000,?,0000001C,?,?), ref: 006E8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,006E8754,00000000,?,0000001C,?,?,00000000), ref: 006E7923
• lstrcpyW.KERNEL32(00000000,?,?,006E8754,00000000,?,0000001C,?,?,00000000), ref: 006E7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,006E8754,00000000,?,0000001C,?,?,00000000), ref: 006E7984
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 210a49f713b061d89ee99d0466c53f4cc300e895b79ca8dfd95707f361dcd135
• Instruction ID: 28cc80b74e6d6e4e6e3168023b31a5585f1d46c6f7b463e1ac9288aa5f0ef141
• Opcode Fuzzy Hash: 210a49f713b061d89ee99d0466c53f4cc300e895b79ca8dfd95707f361dcd135
• Instruction Fuzzy Hash: 1211063A201381AFCB155F79CC44EBA77AAFF45350B10802AF806C73A5EB319901D795
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00717D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00717D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00717D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,006FB7AD,00000000), ref: 00717D6B
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 007156BB
• _wcslen.LIBCMT ref: 007156CD
• _wcslen.LIBCMT ref: 007156D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00715816
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 006E1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006E1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006E1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 006E1A8A
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 006EE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 006EE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 006EE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006EE24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,006ACFF9,00000000,00000004,00000000), ref: 006AD218
• GetLastError.KERNEL32 ref: 006AD224
• __dosmaperr.LIBCMT ref: 006AD22B
• ResumeThread.KERNEL32(00000000), ref: 006AD249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
APIs
  • Part of subcall function 00699BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00699BB2
• GetClientRect.USER32(?,?), ref: 00719F31
• GetCursorPos.USER32(?), ref: 00719F3B
• ScreenToClient.USER32(?,?), ref: 00719F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00719F7A
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8c7ece84670ce1428db94be1a478b9f526f233eb77af47a9f724b01732a1dc59
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9d9451b7c79a34a6eb33b943b637556f94d7e15ab4f7acae7d34a49735a47674
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c7ece84670ce1428db94be1a478b9f526f233eb77af47a9f724b01732a1dc59
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A611363290021AFBDB11DFACC8599EE77BDEB05312F508455FA01E3180D378BA92CBA5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0068604C
                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00686060
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0068606A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8c4290d99deaa933c93944417dec5f9f828051ec524e7ab6e9ddb779e30e5d08
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0601b40b87a89a4fb09e000ebe68fb25736f9aed276750c5b712a46f094a6277
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c4290d99deaa933c93944417dec5f9f828051ec524e7ab6e9ddb779e30e5d08
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C11AD72101508BFEF129FA4CD44EEABB7AEF083A4F008205FA0452160C7369C60EBA8
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 006A3B56
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 006A3AD2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006A3AA3: ___AdjustPointer.LIBCMT ref: 006A3AED
                                                                                                                                                                                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 006A3B6B
                                                                                                                                                                                                                                                                                                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 006A3B7C
                                                                                                                                                                                                                                                                                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 006A3BA4
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c9af43de2258010d75510deb55238ab84220ae581e32587d281fada7fee7af48
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6015732100148BBCF126E95CC42EEB7B6BEF9A754F044008FE0856221C732ED619FA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006813C6,00000000,00000000,?,006B301A,006813C6,00000000,00000000,00000000,?,006B328B,00000006,FlsSetValue), ref: 006B30A5
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,006B301A,006813C6,00000000,00000000,00000000,?,006B328B,00000006,FlsSetValue,00722290,FlsSetValue,00000000,00000364,?,006B2E46), ref: 006B30B1
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,006B301A,006813C6,00000000,00000000,00000000,?,006B328B,00000006,FlsSetValue,00722290,FlsSetValue,00000000), ref: 006B30BF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e0838f481d2058a0687c9c27830d7d0fe8ebf0d9c4d619c9436924de5804cff7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 23c47ff5414f0aafd9ebc470ef9680c43f9b2900e0cc91c1b1a5d2d4abafb31a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0838f481d2058a0687c9c27830d7d0fe8ebf0d9c4d619c9436924de5804cff7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D601FC76795332ABC7315BBC9C449D77799AF05761B108620F905D3380C725D981C7E4
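The function records above are machine-generated and only useful at scale once they are structured data with the raw hex arguments decoded. The parser below is an added example written for this page, not Joe Sandbox code. It reads records in the layout shown (a constructed excerpt of two of the records above is embedded as SAMPLE), names the documented Win32 constants that appear in these calls (GetStockObject 0x11 is DEFAULT_GUI_FONT, SendMessageW message 0x30 is WM_SETFONT, LoadLibraryExW flag 0x800 is LOAD_LIBRARY_SEARCH_SYSTEM32, LoadTypeLibEx regkind 2 is REGKIND_NONE), and flags the LoadLibraryExW sequence in the last record: a system32-restricted load, GetLastError, then a retry with no flags. The meaning assigned to the fields of the .sdmp dump name (base address, page protection) is an assumption inferred from the values on this page, not a documented Joe Sandbox format.

```python
# Added example, not Joe Sandbox code. The .sdmp field layout below is an assumption.
import re

# Constructed sample in the report's own layout (two of the records on this page).
SAMPLE = """\
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006813C6,00000000,00000000,?,006B301A), ref: 006B30A5
• GetLastError.KERNEL32(?,006B301A,006813C6,00000000), ref: 006B30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,006B301A,006813C6), ref: 006B30BF
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: LibraryLoad$ErrorLast
• Instruction Fuzzy Hash: D601FC76795332ABC7315BBC9C449D77799AF05761B108620F905D3380C725D981C7E4
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0068604C
• GetStockObject.GDI32(00000011), ref: 00686060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0068606A
Similarity
• API ID: CreateMessageObjectSendStockWindow
• Instruction Fuzzy Hash: 5C11AD72101508BFEF129FA4CD44EEABB7AEF083A4F008205FA0452160C7369C60EBA8
"""

CALL_RE = re.compile(r"^•\s*(?P<name>[\w:]+)\.(?P<module>\w+)"
                     r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SUBCALL_RE = re.compile(r"^•\s*Part of subcall function\s+(?P<func>[0-9A-Fa-f]+):\s*(?P<rest>.*)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
# Documented Win32 values, not sandbox-specific.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
LOADLIB_FLAGS = {0x1: "DONT_RESOLVE_DLL_REFERENCES", 0x8: "LOAD_WITH_ALTERED_SEARCH_PATH",
                 0x800: "LOAD_LIBRARY_SEARCH_SYSTEM32", 0x1000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS"}
REGKIND = {0: "REGKIND_DEFAULT", 1: "REGKIND_REGISTER", 2: "REGKIND_NONE"}


def parse_records(text):
    """One record per 'APIs' header; section headers and unknown lines are skipped."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()              # extracted reports carry heavy indentation
        if line == "APIs":
            rec = {"calls": [], "meta": {}}
            records.append(rec)
            continue
        if rec is None or not line.startswith("•"):
            continue
        m = SUBCALL_RE.match(line)      # call made inside a callee: keep the callee address
        if m:
            inner = CALL_RE.match("• " + m.group("rest"))
            if inner:
                rec["calls"].append({**inner.groupdict(), "via": m.group("func")})
            continue
        m = CALL_RE.match(line)
        if m:
            rec["calls"].append({**m.groupdict(), "via": None})
            continue
        m = KV_RE.match(line)
        if m:
            value = m.group("value").strip()
            if value.endswith("Download File"):          # link text glued on by extraction
                value = value[: -len("Download File")].strip()
            rec["meta"].setdefault(m.group("key").strip(), []).append(value)
    return records


def hexarg(call, i):
    """Argument i as int when it is a plain hex literal; None for '?' (unknown) or absent."""
    args = [a.strip() for a in (call["args"] or "").split(",")]
    if i < len(args) and re.fullmatch(r"[0-9A-Fa-f]+", args[i]):
        return int(args[i], 16)
    return None


def decode_dump_name(name):
    """Assumed layout '<proc>.<stage>.<id>.<base>.<protect>....sdmp', inferred from this page."""
    f = name.split(".")
    return {"base": int(f[3], 16), "protect": PAGE_PROTECT.get(int(f[4], 16), f[4])}


def annotate(rec):
    """Name the constants in the calls and flag a system32-only load followed by an unrestricted retry."""
    notes, saw_system32_load = [], False
    for c in rec["calls"]:
        if c["name"] == "GetStockObject" and hexarg(c, 0) == 0x11:
            notes.append("GetStockObject(DEFAULT_GUI_FONT)")
        elif c["name"] == "SendMessageW" and hexarg(c, 1) == 0x30:
            notes.append("SendMessageW(WM_SETFONT)")
        elif c["name"] == "LoadTypeLibEx" and hexarg(c, 1) is not None:
            notes.append("LoadTypeLibEx regkind=" + REGKIND.get(hexarg(c, 1), hex(hexarg(c, 1))))
        elif c["name"] == "LoadLibraryExW" and hexarg(c, 2) is not None:
            flags = hexarg(c, 2)
            names = [n for bit, n in LOADLIB_FLAGS.items() if flags & bit] or ["0 (default search order)"]
            notes.append("LoadLibraryExW flags=" + "|".join(names))
            if flags & 0x800:
                saw_system32_load = True
            elif flags == 0 and saw_system32_load:
                # The retry uses the default search order; whether that is hijackable
                # depends on the module name, which this record does not resolve.
                notes.append("fallback: retries with default DLL search order")
    return notes


def summarize(text):
    """One flat dict per record, ready to be indexed or diffed across reports."""
    out = []
    for rec in parse_records(text):
        meta = rec["meta"]
        src = meta.get("Source File", [""])[0].split(",")[0].strip()
        out.append({"api_id": meta.get("API ID", [""])[0],
                    "fuzzy": meta.get("Instruction Fuzzy Hash", [""])[0],
                    "calls": [c["name"] for c in rec["calls"]],
                    "dump": decode_dump_name(src) if src else None,
                    "associated": meta.get("Associated", []),
                    "notes": annotate(rec)})
    return out
```

Run `summarize(open("report.txt").read())` over an exported report to get one dict per function, keyed by the Instruction Fuzzy Hash for cross-sample matching. The flagged LoadLibraryExW sequence, with the FlsSetValue string in its arguments, is consistent with the MSVC runtime's own lazy resolution of that import rather than anything the AutoIt payload does; treat it as a CRT idiom unless the first argument resolves to an attacker-controllable module name.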
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 006E747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 006E7497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006E74AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006E74CA
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 635fe41fb4dc511e5c3d917c89ecf3883794e7c2d558ad89d0a727ff3f262c85
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2d6c11f0fcc9abb8f8f25fa2ce0cc0cb8de0e58bf169daaa20214c9ec4cee9c1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 635fe41fb4dc511e5c3d917c89ecf3883794e7c2d558ad89d0a727ff3f262c85
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF118EB524A358EBE720CF59DC08B927FFDEB00B00F10C569AA16D61D1D774E905DB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006EACD3,?,00008000), ref: 006EB0C4
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006EACD3,?,00008000), ref: 006EB0E9
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006EACD3,?,00008000), ref: 006EB0F3
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006EACD3,?,00008000), ref: 006EB126
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 76a8589a0f2802fdedd844819b1bfef6991a8dbd6c3b752bd8cf4fb513516727
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3d8972ecce3ebe43d379ce3ea2c525e920f3d85df95a81a107be794ad7b188c3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76a8589a0f2802fdedd844819b1bfef6991a8dbd6c3b752bd8cf4fb513516727
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86117C70C4265CE7CF00AFE9E9596EFBB79FF0A320F008086D941B3281CB3456509B55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00717E33
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00717E4B
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00717E6F
                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00717E8A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1eb6e08d75fce7c71f865bea5cc8fc4495f612cee330bfe9da7bbea65c1cf7f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9c0d4f846986cbc9d4bfed2254a9e04b45e307d3d7e489e31e1280d6ab50b38e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1eb6e08d75fce7c71f865bea5cc8fc4495f612cee330bfe9da7bbea65c1cf7f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F1153B9D0020AAFDB41CF98C884AEEBBF9FF08310F509066E915E3250D775AA54CF94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006E2DC5
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 006E2DD6
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 006E2DDD
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006E2DE4
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 0c1f4dd61bfc14c9708ec744e57dadb97cd90c4d35c6d4edd5c0dbf04fe7975d
• Instruction ID: 10d41059dfd4c69de5d69eb973867965a57a78a7c9662bb45c007c18de480ad9
• Opcode Fuzzy Hash: 0c1f4dd61bfc14c9708ec744e57dadb97cd90c4d35c6d4edd5c0dbf04fe7975d
• Instruction Fuzzy Hash: C1E092715823247BD7211BB79C0EFEB7E6EEF42BA1F008115F205D10C0DAA8C841CAB1
APIs
  • Part of subcall function 00699639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00699693
  • Part of subcall function 00699639: SelectObject.GDI32(?,00000000), ref: 006996A2
  • Part of subcall function 00699639: BeginPath.GDI32(?), ref: 006996B9
  • Part of subcall function 00699639: SelectObject.GDI32(?,00000000), ref: 006996E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00718887
• LineTo.GDI32(?,?,?), ref: 00718894
• EndPath.GDI32(?), ref: 007188A4
• StrokePath.GDI32(?), ref: 007188B2
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: d0dfa5bf207e4016c02ef6de85605ac0cab0408dbeb244a7de9c689d11240480
• Instruction ID: 79296ff4a174b098c19d358e0fde0bafd9ed3a466ba59c1816f42ababbef7693
• Opcode Fuzzy Hash: d0dfa5bf207e4016c02ef6de85605ac0cab0408dbeb244a7de9c689d11240480
• Instruction Fuzzy Hash: 4BF03A36081298BAEB135F98AC0AFCA3B59AF0A311F44C000FA11651E1C7B95651DBED
APIs
• GetSysColor.USER32(00000008), ref: 006998CC
• SetTextColor.GDI32(?,?), ref: 006998D6
• SetBkMode.GDI32(?,00000001), ref: 006998E9
• GetStockObject.GDI32(00000005), ref: 006998F1
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: e8ed484359a931e9908a804aebd49bd4b1f9678fd9bf64132ee8c9f6fd43f55f
• Instruction ID: cead5b7156812ee6d8603b2a94b330b80c044e385a2637911daa13675cead0c5
• Opcode Fuzzy Hash: e8ed484359a931e9908a804aebd49bd4b1f9678fd9bf64132ee8c9f6fd43f55f
• Instruction Fuzzy Hash: EBE065316C4244BADB225BB8BC09BD83F51AB11335F14C21AF6F5541E1C77546509B11
APIs
• GetCurrentThread.KERNEL32 ref: 006E1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,006E11D9), ref: 006E163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006E11D9), ref: 006E1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,006E11D9), ref: 006E164F
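Added example, not part of the Joe Sandbox report: a small Python parser for the "APIs" bullet lines of an entry like the one above, used to pull the DesiredAccess value out of the GetCurrentProcess / OpenProcessToken pair and name the rights it encodes. It rests on one assumption of mine about the report's display, stated again in the code: GetCurrentProcess and GetCurrentThread take no arguments, so the first value recorded at those call sites (00000028 here) is the argument already pushed for the Open*Token call that follows, arguments being pushed right to left with the handle pushed last. Under that assumption the mask decodes to TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY (0x20 | 0x8), which is the access a caller needs before AdjustTokenPrivileges. The sample lines are copied from this entry; the function and constant names are mine.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample input: the four "APIs" bullet lines of the entry above,
# copied from this report. They are parser input, not something the code derives.
SAMPLE_API_LINES = [
    "• GetCurrentThread.KERNEL32 ref: 006E1634",
    "• OpenThreadToken.ADVAPI32(00000000,?,?,?,006E11D9), ref: 006E163B",
    "• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006E11D9), ref: 006E1648",
    "• OpenProcessToken.ADVAPI32(00000000,?,?,?,006E11D9), ref: 006E164F",
]

# Token access rights as defined in winnt.h.
TOKEN_RIGHTS = {
    0x0001: "TOKEN_ASSIGN_PRIMARY",
    0x0002: "TOKEN_DUPLICATE",
    0x0004: "TOKEN_IMPERSONATE",
    0x0008: "TOKEN_QUERY",
    0x0010: "TOKEN_QUERY_SOURCE",
    0x0020: "TOKEN_ADJUST_PRIVILEGES",
    0x0040: "TOKEN_ADJUST_GROUPS",
    0x0080: "TOKEN_ADJUST_DEFAULT",
    0x0100: "TOKEN_ADJUST_SESSIONID",
}


class ApiCall(NamedTuple):
    name: str
    module: str
    args: List[Optional[int]]  # None where the report prints '?'
    ref: int                   # call-site address


# One report line: optional bullet, optional "Part of subcall function X:" prefix,
# Name.MODULE, optional "(args)", then "ref: ADDR".
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_line(line: str) -> ApiCall:
    m = API_LINE.match(line)
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    args: List[Optional[int]] = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    return ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16))


def decode_token_access(mask: int) -> List[str]:
    """Split a TOKEN_* access mask into named rights; unknown bits are kept as hex."""
    names = [name for bit, name in sorted(TOKEN_RIGHTS.items()) if mask & bit]
    leftover = mask & ~sum(TOKEN_RIGHTS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def token_access_for_entry(lines: List[str]) -> Optional[int]:
    """Recover the DesiredAccess pushed for the entry's Open*Token call.

    Assumption (mine, not documented by the report): GetCurrentProcess and
    GetCurrentThread take no arguments, so the first value the report records
    at such a call site is the argument already pushed for the Open*Token call
    that immediately follows (arguments are pushed right to left, and the
    handle is pushed last, after the getter returns). Returns None when no
    getter/opener pair with a resolved value is present.
    """
    calls = [parse_api_line(line) for line in lines]
    for getter, opener in zip(calls, calls[1:]):
        if (getter.name in ("GetCurrentProcess", "GetCurrentThread")
                and opener.name in ("OpenProcessToken", "OpenThreadToken")
                and getter.args and getter.args[0] is not None):
            return getter.args[0]
    return None


if __name__ == "__main__":
    mask = token_access_for_entry(SAMPLE_API_LINES)
    print(f"DesiredAccess 0x{mask:X} = " + " | ".join(decode_token_access(mask)))
```

The thread-token-then-process-token order is the usual way of obtaining the caller's effective token: an impersonation token if the thread has one, otherwise the primary token. A 0x28 mask on its own only shows intent to enable or disable a privilege; which privilege is not visible in this entry and would have to be read from the LookupPrivilegeValue / AdjustTokenPrivileges call site that consumes the handle.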
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
APIs
• GetDesktopWindow.USER32 ref: 006DD858
• GetDC.USER32(00000000), ref: 006DD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006DD882
• ReleaseDC.USER32(?), ref: 006DD8A3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
APIs
• GetDesktopWindow.USER32 ref: 006DD86C
• GetDC.USER32(00000000), ref: 006DD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006DD882
• ReleaseDC.USER32(?), ref: 006DD8A3
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
APIs
  • Part of subcall function 00687620: _wcslen.LIBCMT ref: 00687625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 006F4ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
APIs
• CharUpperBuffW.USER32(006D569E,00000000,?,0071CC08,?,00000000,00000000), ref: 007078DD
  • Part of subcall function 00686B57: _wcslen.LIBCMT ref: 00686B6A
• CharUpperBuffW.USER32(006D569E,00000000,?,0071CC08,00000000,?,00000000,00000000), ref: 0070783B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: <st
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3544283678-2169133814
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cfa57dd62f88dacd5c7c20ae1a7a4186dbe2c45abd4efb1e7f3300811c379e38
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9245d258fc5f90cce771faa8ec443428b1e9a73ebdc8755ceeaab45da0100b7b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfa57dd62f88dacd5c7c20ae1a7a4186dbe2c45abd4efb1e7f3300811c379e38
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87613D72924129EBCF48FBE4CC91DFDB3B9BF14700B544629F542A7191EF286A05CBA4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b530266ee5f28f51d916242657c9fe7d97283441c6ef95e677ee174aed143d2e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9e0708c411d33a820912362c4cb6882a8528ad09180e24c01627ff1db12c5a98
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b530266ee5f28f51d916242657c9fe7d97283441c6ef95e677ee174aed143d2e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9513475900246DFDF55EF68C481AFA7BAAEF15310F24805AE8919F3D0D6369E43CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 0069F2A2
                                                                                                                                                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 0069F2BB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1862765d1253cc416ba2374a89d97939141a2d03306230ca8c65da5c74bd1335
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 64aec774e9c9a2e32c3af54cfc2aaf36aa140ae8c2874438281fefb2e66b1796
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1862765d1253cc416ba2374a89d97939141a2d03306230ca8c65da5c74bd1335
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 685167714087449BE360AF10E886BABBBF9FF84314F91894DF29951095EB309529CB6A
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 007057E0
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 007057EC
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 3687a85cb50bb5263aa65e7c7e07201c53bc20da48426fc4dbd431c0b3ce137d
• Instruction ID: 2e959bd89b11f15f75b01f633636eeb4a8ba5ec77c542f435c4c19be7958833f
• Opcode Fuzzy Hash: 3687a85cb50bb5263aa65e7c7e07201c53bc20da48426fc4dbd431c0b3ce137d
• Instruction Fuzzy Hash: A1417D71A00209DFCB04DFA9C8858AEBBF9EF59310B14826DE905A72D1E7749D81CFA4
APIs
• _wcslen.LIBCMT ref: 006FD130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 006FD13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: da8e4c2f331d0cc93cbcd847310b6d780efc073282af59ec08ff1087bbb0b545
• Instruction ID: 20b4c28335c000825676cd0b8e248c47bd6ebc125baa50733245a23fb0565e15
• Opcode Fuzzy Hash: da8e4c2f331d0cc93cbcd847310b6d780efc073282af59ec08ff1087bbb0b545
• Instruction Fuzzy Hash: 40313E71D00209ABCF55EFA4CC85AEEBFBBFF05304F000119F915A6265DB31AA16DB64
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00713621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0071365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 050c3987deb4deb126bb04ece7f1cec25659f9a76a34ca030320486b00353753
• Instruction ID: 24b52b0319114228952507e93b55313cf4e4d72a125f5f6c571c2bb30bd234d6
• Opcode Fuzzy Hash: 050c3987deb4deb126bb04ece7f1cec25659f9a76a34ca030320486b00353753
• Instruction Fuzzy Hash: 20319C71100204AEEB20DF78DC80EFB73A9FF88764F10861DF9A597280DA38AD91D764
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0071461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00714634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: c9a3bb95c86709c91b6a2898f5415f58451268ab166c6aeed84a4d03faae003d
• Instruction ID: 5c6e0633093ff24defa932a563807b21f9e4f5dc240448f28b5b8e283e501b4e
• Opcode Fuzzy Hash: c9a3bb95c86709c91b6a2898f5415f58451268ab166c6aeed84a4d03faae003d
• Instruction Fuzzy Hash: 31313874A0030A9FDF14CFA9C980BDA7BB6FF09304F14406AE904AB381D774A991CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0071327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00713287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c5ad5083ea64c57dfb285a92a63761e7fab43f1c751f0f0302fd49454f4b4eb1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 143846895865adb55c874f8efd6e112b57b1fa734e89a660ce02fb1a754a212e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5ad5083ea64c57dfb285a92a63761e7fab43f1c751f0f0302fd49454f4b4eb1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA118271300208BFEF25AE98DC85EFB376BFB98364F104229F918972D0D6799D919760
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0068600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0068604C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0068600E: GetStockObject.GDI32(00000011), ref: 00686060
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0068600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0068606A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0071377A
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00713794
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8432e439a21ca0807780dc39103749e184b1b98065858ed23a25691053f09b1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 61da0d0496ca9e69391961c7053b0afbffbe979f92a4f8924f9b991c33ace907
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8432e439a21ca0807780dc39103749e184b1b98065858ed23a25691053f09b1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E113AB2610209AFDF11DFBCCC45EEA7BB9FB08314F004514F955E2290D779E9519B50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006FCD7D
                                                                                                                                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006FCDA6
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                                • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bc984c6dfd36d8514c51eed5a98c5365b51d515c78dd150647c9c747db631811
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1d36f391f1ccfc69a71b4838d40614a60154e9a151060147745834b38ba78035
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc984c6dfd36d8514c51eed5a98c5365b51d515c78dd150647c9c747db631811
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B511C67124563DBAD7344B668C45EFBBEAEEF527B4F004226B20983180D7749841D6F0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 007134AB
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007134BA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: e52094a261f27dc6bb00a4229023ba84f013b793918b8648d18bbe4987fc31ff
• Instruction ID: bf329229191e5724c86ad9dfe2237b93f89b956aa769eba45792eef183f67b96
• Opcode Fuzzy Hash: e52094a261f27dc6bb00a4229023ba84f013b793918b8648d18bbe4987fc31ff
• Instruction Fuzzy Hash: AD118F71100248AFEB228E68DC44AFB376AEB15774F508324FD65931D0C779EC919754
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• CharUpperBuffW.USER32(?,?,?), ref: 006E6CB6
• _wcslen.LIBCMT ref: 006E6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 7cc19f54e2ce38b25e507b51577733013e4328466822ef5873410a964696cb66
• Instruction ID: b615eea7c91ee704fcb82524d29b539a2d7aefb2016cc6ddbf611bfe33bfb998
• Opcode Fuzzy Hash: 7cc19f54e2ce38b25e507b51577733013e4328466822ef5873410a964696cb66
• Instruction Fuzzy Hash: C401E1326016668A8B20AEBECC818FF77A7EE71B907600928F85292291EA31D8008750
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 006E1D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: dd8504e6261762ced6945183226f69ba32aa9bceeb08b248853e04857d454f2f
• Instruction ID: fe5262c9b44dcad5eb1488bde4055023c1c8649fa058de3c7fe09388138fb022
• Opcode Fuzzy Hash: dd8504e6261762ced6945183226f69ba32aa9bceeb08b248853e04857d454f2f
• Instruction Fuzzy Hash: 8F01B5B1642358ABCB08FBA5CC55CFE736AEF47750B140A1DB8226B3C1EA3159099764
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 006E1C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: aa68d74c10e3145b8c2f6fc9890115d66a04845c5dcf8d4abe7c93e69548a5ec
• Instruction ID: ef4c8a0303f69b95dfe047c99797c332228e8cfa1bf633f44b8f29e731e31e1d
• Opcode Fuzzy Hash: aa68d74c10e3145b8c2f6fc9890115d66a04845c5dcf8d4abe7c93e69548a5ec
• Instruction Fuzzy Hash: AF01A7B57822446BCB08FB91C955DFF77AA9B12740F24001DB416B72C2EA399E08D7B5
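The records above are Joe Sandbox's per-function disassembly summaries. The raw second argument of each SendMessageW call is a listbox message from winuser.h (0x180 is LB_ADDSTRING, 0x182 is LB_DELETESTRING, 0x1A2 is LB_FINDSTRINGEXACT); together with the GetClassNameW subcall and the ComboBox$ListBox string pair they describe a helper that drives list controls by window message, which is what the report's AutoIt verdict would lead one to expect. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in this format, decodes the message IDs, and emits one triage row per function. The input is a constructed, abridged copy of three records from this page; the header names it keys on (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) are the ones shown here and are assumed to be stable across the report.

```python
"""Parse Joe Sandbox function-analysis records (the APIs / Similarity blocks in
this report) and resolve raw SendMessageW message IDs to their USER32 names.
Added example: not part of the Joe Sandbox report or its tooling."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Listbox message constants from <winuser.h>; these are the values that appear
# as the second SendMessageW argument in the records above.
WINDOW_MESSAGES: Dict[int, str] = {
    0x0180: "LB_ADDSTRING",
    0x0182: "LB_DELETESTRING",
    0x01A2: "LB_FINDSTRINGEXACT",
}

# Matches both "• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 006E1D4C"
# and "  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD".
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")
SECTIONS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: bool                  # reached via a callee, not this function
    message: Optional[str] = None  # decoded window message (SendMessageW only)

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # API ID, String ID, ...

def decode_message(call: ApiCall) -> Optional[str]:
    """SendMessageW(hWnd, Msg, wParam, lParam): the second argument is Msg.
    A '?' means the sandbox could not recover a constant, so nothing is decoded."""
    if call.api != "SendMessageW" or len(call.args) < 2:
        return None
    raw = call.args[1]
    if not re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return None
    value = int(raw, 16)
    return WINDOW_MESSAGES.get(value, f"0x{value:04X} (unknown)")

def parse_records(text: str) -> List[FunctionRecord]:
    """A record starts at each 'APIs' header; only APIs and Similarity are kept."""
    records: List[FunctionRecord] = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            records.append(FunctionRecord())
            section = "APIs"
        elif stripped in SECTIONS:
            section = stripped
        elif records and section == "APIs" and (m := API_LINE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            call = ApiCall(m["api"], m["module"], args, m["ref"], bool(m["sub"]))
            call.message = decode_message(call)
            records[-1].calls.append(call)
        elif records and section == "Similarity" and (f := FIELD_LINE.match(line)):
            records[-1].fields[f["key"]] = f["val"]
    return records

def summarize(records: List[FunctionRecord]) -> List[Dict[str, object]]:
    """One triage row per function: its own calls, decoded messages, Joe IDs."""
    return [{
        "api_id": r.fields.get("API ID", ""),
        "string_id": r.fields.get("String ID", ""),
        "direct_calls": [c.api for c in r.calls if not c.subcall],
        "messages": [c.message for c in r.calls if c.message],
    } for r in records]

# Constructed input: three records copied (abridged) from the report above.
SAMPLE = """\
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
• CharUpperBuffW.USER32(?,?,?), ref: 006E6CB6
• _wcslen.LIBCMT ref: 006E6CC2
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
APIs
  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 006E1D4C
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
APIs
• SendMessageW.USER32(?,00000180,00000000,?), ref: 006E1C46
Similarity
• String ID: ComboBox$ListBox
"""
```

Run `summarize(parse_records(SAMPLE))` to get the rows; feed the full report text instead of SAMPLE for the whole function list. Arguments the sandbox shows as `?` are left undecoded rather than guessed, and the ComboBox branch of the same helper can be covered by adding the CB_* constants to WINDOW_MESSAGES.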
APIs
  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 006E1CC8
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0ae1a61d27f07e39833a90de8b2e10958181c658b3d69930e743874c30be00dd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bb95d0ff44c034660ec9d0e42c2234f29be05c59e14fe1ff12ed721ca32b6bb2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ae1a61d27f07e39833a90de8b2e10958181c658b3d69930e743874c30be00dd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB01DBB16C225467CB04F795CA15EFE73AA9B12740F240019B802B7381EA359F08D775
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0069A529
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Init_thread_footer_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ,%u$3ym
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2551934079-933350230
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a94c7fbe6a2add9b08dc93d7ff964073bcdc2d9444773fb1e1c9ba8e1f47ce1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 19e7b1561203345458d86f18db9ec915cc77ef26d922711e76d4121bcbc803b1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a94c7fbe6a2add9b08dc93d7ff964073bcdc2d9444773fb1e1c9ba8e1f47ce1d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA014232B002108BCA44F7A8D81BAFD33AADB06B11F41006CF902576C3EE549D028AEF
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00689CB3: _wcslen.LIBCMT ref: 00689CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006E3CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 006E1DD3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 82f61b68b8f32f7febdd1e40db9310dd843c2ce02152ba3ffb2a5888f16a2818
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 45b34b487ae522913c7b3ba218c170873b1cf54cacdc1726d551716846b456af
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82f61b68b8f32f7febdd1e40db9310dd843c2ce02152ba3ffb2a5888f16a2818
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0F0F4B1A4231867CB08F7A5CC56EFE7379AF02740F080A19B822672C2EA7199088774
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00753018,0075305C), ref: 007181BF
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 007181D1
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0u
• API String ID: 3712363035-1708047750
• Opcode ID: e725d6cea646c78a91db4c5c407bf1cc6148d32a476713e54f6ddefa48a6a24b
• Instruction ID: 305b35d607d11636861279a11a4c1dd58f8328645d02ffa9ce6dea9405fdfdac
• Opcode Fuzzy Hash: e725d6cea646c78a91db4c5c407bf1cc6148d32a476713e54f6ddefa48a6a24b
• Instruction Fuzzy Hash: 89F09AB1680300BAE2216768AC05FF73A4EDB05792F008025BA0CD50F2E6AE8E0086ED
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: bdbda8909cecf31b4f28240241f8714d5beef59d4a87b8b9cb9f50bd4a1f7a88
• Instruction ID: 9811a7b2509fe327e1fffa2109d0ce03a5464775ee2fead5448789a4cdcca5bf
• Opcode Fuzzy Hash: bdbda8909cecf31b4f28240241f8714d5beef59d4a87b8b9cb9f50bd4a1f7a88
• Instruction Fuzzy Hash: FEE02B02A042A090D27926799CC197F97CECFC6750710182FF981C22A6EFD89DA1D3E4
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 006E0B23
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: aebc8711ff68bd2583d1501089626ae344f6eb32cf31af5ffd85c35ab79d1caf
• Instruction ID: 5eaa56d95b9e7b61c1a6e8eff16501ff1ceea618e05574a20ee0558408fd8774
• Opcode Fuzzy Hash: aebc8711ff68bd2583d1501089626ae344f6eb32cf31af5ffd85c35ab79d1caf
• Instruction Fuzzy Hash: 2AE0D83128430837D6513798BC03FC97A8A9F06F10F10442EF758955C38BD6289046ED
APIs
  • Part of subcall function 0069F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,006A0D71,?,?,?,0068100A), ref: 0069F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0068100A), ref: 006A0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0068100A), ref: 006A0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 006A0D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 152904382b5ef663f7ca59584964c391d8e6ceb554c56db5279aeacae53df60e
• Instruction ID: 1f3333efebfeb1cb5405b9d35855d6e646e0c0c31137a71ec1659ba74c3a1523
• Opcode Fuzzy Hash: 152904382b5ef663f7ca59584964c391d8e6ceb554c56db5279aeacae53df60e
• Instruction Fuzzy Hash: 51E065742007014BE760BFBCD8043827BE5BF01741F00892DE485C6691D7F8E4488F91
APIs
• __Init_thread_footer.LIBCMT ref: 0069E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0%u$8%u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1385522511-2666027011
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4a63a69ac008a68e295adf3177d1e8bb6cb0722e5f8ea2957a6a2842221f8d86
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f7384aa9336937fdeb71513cc2e864d8ad851ad887d536dbb0043944dbfb998f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a63a69ac008a68e295adf3177d1e8bb6cb0722e5f8ea2957a6a2842221f8d86
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05E0D835408A188BCE04EB18F454AC8335BAB1732171041F9E40147592EBB91C43854C
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 006F302F
                                                                                                                                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 006F3044
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                                • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e195a337b1a4b058d85297be818be3ebc41beaa7d39ba2c18598113fc199272d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f23021ef4bf01749f8fd67a3d40b0c5cfffb3672d2fdaab7744c514e8a0f53d8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e195a337b1a4b058d85297be818be3ebc41beaa7d39ba2c18598113fc199272d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3D05EB254032867DA20A7E8AC0EFCB3A6CEB05750F0082A1B655E60D1DAF89984CAD4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_680000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f86dd0b336c5b243a4b56588c9644bdbe4fff4cea57b13000e37c1ba34aa3f33
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 03c6b87efcda356eb64b8d4b65c0c801ecad833ca2d335811e58d52d095959da
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f86dd0b336c5b243a4b56588c9644bdbe4fff4cea57b13000e37c1ba34aa3f33
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46D012A1C48108FACF90ABD0CC45CF9B37DBB18341F508463FA06D1140D738C60AA761
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0071236C
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000), ref: 00712373
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 006EE97B: Sleep.KERNEL32 ref: 006EE9F3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 30ad98d418fb271feb4b7e8bee9503f8853162435de500089f17081b4ecd587a
• Instruction ID: 0aed1d29f673c2123fc65fa40f82cf1b51db4416403a121c18f3d88029eef8f3
• Opcode Fuzzy Hash: 30ad98d418fb271feb4b7e8bee9503f8853162435de500089f17081b4ecd587a
• Instruction Fuzzy Hash: 03D0A9323C13007BE2A5A3B0DC0FFC6A6059B00B00F0089067201AA0D0C9A8A800CA08
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0071232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0071233F
  • Part of subcall function 006EE97B: Sleep.KERNEL32 ref: 006EE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 2abbd2e2bcf69a48a52744af586585aff3c616dfd992fda24f0524abdd848f5f
• Instruction ID: 7b26fc4b49d74d0bcb96432727665dc6a7e3f1e741403a96837c1b7806f35956
• Opcode Fuzzy Hash: 2abbd2e2bcf69a48a52744af586585aff3c616dfd992fda24f0524abdd848f5f
• Instruction Fuzzy Hash: 6DD022323C0300BBE2A4B3B0DC0FFC6BA059B00B00F00C9067305AA0D0C9F8A800CA08
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 006BBE93
• GetLastError.KERNEL32 ref: 006BBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006BBEFC
Memory Dump Source
• Source File: 00000000.00000002.2279415405.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000000.00000002.2279374083.0000000000680000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.000000000071C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279561732.0000000000742000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279646934.000000000074C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2279674312.0000000000754000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: ef9ab3fe1f4876b930dbc48316d9048e0a889606cd286809afc2c266f0d9a8f2
• Instruction ID: 44045072680f2b0c06b642b8aa56c2a9de662175b4009630a2927e66cde80c2e
• Opcode Fuzzy Hash: ef9ab3fe1f4876b930dbc48316d9048e0a889606cd286809afc2c266f0d9a8f2
• Instruction Fuzzy Hash: 434149B4600206AFCF218FA4CC44AFA7BAAEF02350F14916DF959972A1DBB08D81CF51